nginx跨域问题记录
现象:
访问 toolbox.chinasoft.com 提示如下:
Access to Font at 'https://images.chinasoft.com/static-toolbox/style/fonts/global_iconfont.woff?iv41ks' from origin 'https://toolbox.chinasoft.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'https://toolbox.chinasoft.com' is therefore not allowed access.
解决:
1.在toolbox.chinasoft.com.conf中添加跨域的配置,问题依旧
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,*';
2.多次配置无效,于是在images.chinasoft.com中也配置可以跨域,问题解决
跨域配置示例
1.写法1 map $http_origin $corsHost { default "none" ; "~https://mockitt.chinasoft.com" https://mockitt.chinasoft.com ; } set $cors_origin ""; if ($http_origin ~* "^https://www.chinasoft.cn$") { set $cors_origin $http_origin; } add_header Access-Control-Allow-Origin $cors_origin; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $cors_origin; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; return 204; }
2.写法2
#跨域配置
set $allow_headers 'Content-Type,X-Requested-With,Origin,Authorization,Keep-Alive,User-Agent,Cache-Control,X-Plugin-Id,X-Activity-Id,X-Csrf-Token'; set $allow_methods 'POST,GET,PATCH,OPTIONS,PUT'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } # 单个域名的配置 if ($http_origin ~* (https?://[^/]*\.chinasoft\.com)) { # 多个域名的配置 # if ($http_origin ~* "^http(s?)://(.*).(chinaosft|baidu|alibaba).(.*)$") { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; }
#跨域配置
location /api { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_pass http://mkweb_servers; set $cors_origin ""; if ($http_origin ~* "^http(s?)://(.*).(chinaosft|baidu|alibaba).(.*)$") { set $cors_origin $http_origin; } add_header Access-Control-Allow-Origin $cors_origin; add_header 'Access-Control-Allow-Credentials' 'true' always; #add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS, POST, PUT, PATCH' always; add_header 'Access-Control-Allow-Methods' '*'; add_header 'Access-Control-Allow-Headers' '*'; expires -1; }
示例
location ~ /(convert) { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_pass http://convert_servers; #跨域配置 set $allow_headers 'Content-Type,X-Requested-With,Origin,Authorization,Keep-Alive,User-Agent,Cache-Control,X-Plugin-Id,X-Activity-Id,X-Csrf-Token'; set $allow_methods 'POST,GET,PATCH,OPTIONS,PUT'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.cn)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } expires -1; }
# 设置跨域
map $http_origin $corsHost {
default "none" ;
"~https://pixconv.chinasoft.cn" https://pixconv.chinasoft.cn;
"~https://pix.chinasoft.cn" https://pix.chinasoft.cn;
"~https://pix.design" https://pix.design;
}
add_header Access-Control-Allow-Origin $corsHost;
# 如果nginx和服务端代码都加了跨域,就会报错如下,删除服务端或者代码里面的跨域保留其中一个即可
origin 'https://pix.chinasoft.cn' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://pix.chinasoft.cn, https://pix.chinasoft.cn', but only one is allowed.
允许指定域名跨域
# more appweb.chinasoft.com.conf
server {
listen 80;
server_name appweb.chinasoft.com ori-appweb.chinasoft.com;
access_log /data/www/logs/nginx_log/access/appweb.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/appweb.chinasoft.com_error.log ;
root /data/www/vhosts/appweb.chinasoft.com/httpdocs;
index index.html index.shtml index.php;
#include rewrite.d/appweb.chinasoft.com.conf ;
error_page 404 403 /404.html;
location ~ .*\.(gif|jpg|png|bmp|swf|mapl|js|css)$
{
expires 90d;
}
location ~ .*\.(html)?$
{
expires -1;
}
#允许指定域名跨域
set $cors_origin "";
set $allow_methods 'POST,GET,PATCH,OPTIONS,PUT,DELETE';
set $allow_headers 'Content-Type,X-Requested-With,Origin,Authorization,Keep-Alive,User-Agent,Cache-Control,X-Plugin-Id,X-Activity-Id,X-Csrf-Token';
if ($http_origin ~* (https?://[^/]*\.chinasoft\.cn)) {
set $cors_origin $http_origin;
}
if ($http_origin ~* (https?://[^/]*\.good\.cn)) {
set $cors_origin $http_origin;
}
if ($request_method = 'OPTIONS') {
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header Access-Control-Allow-Methods $allow_methods always;
add_header Access-Control-Allow-Headers $allow_headers always;
}
server {
listen 443 ssl;
ssl_certificate cert2016/chinasoft.com.crt;
ssl_certificate_key cert2016/chinasoft.com.key;
ssl_dhparam cert2016/dh_2048.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
server_name appweb.chinasoft.com ori-appweb.chinasoft.com;
access_log /data/www/logs/nginx_log/access/appweb.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/appweb.chinasoft.com_error.log ;
root /data/www/vhosts/appweb.chinasoft.com/httpdocs;
index index.html index.shtml index.php ;
#include rewrite.d/appweb.chinasoft.com.conf ;
error_page 404 403 /404.html;
#允许指定域名跨域
set $cors_origin "";
set $allow_methods 'POST,GET,PATCH,OPTIONS,PUT,DELETE';
set $allow_headers 'Content-Type,X-Requested-With,Origin,Authorization,Keep-Alive,User-Agent,Cache-Control,X-Plugin-Id,X-Activity-Id,X-Csrf-Token';
if ($http_origin ~* (https?://[^/]*\.chinasoft\.cn)) {
set $cors_origin $http_origin;
}
if ($http_origin ~* (https?://[^/]*\.good\.cn)) {
set $cors_origin $http_origin;
}
if ($request_method = 'OPTIONS') {
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header Access-Control-Allow-Methods $allow_methods always;
add_header Access-Control-Allow-Headers $allow_headers always;
location ~ .*\.(gif|jpg|png|bmp|swf|mapl|js|css)$
{
expires 90d;
}
location ~ .*\.(html)?$
{
expires -1;
}
}
nginx配置
#跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Clie nt-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.300624\.*|https?://[^/]*\.wondershare\.*)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; }
完整nginx配置
upstream product_mrs_servers{ #server 172.30.0.171:9080 max_fails=3 fail_timeout=30s weight=1; server 172.30.0.173:9080 max_fails=3 fail_timeout=30s weight=1; check interval=3000 rise=3 fall=5 timeout=1000 type=tcp port=9080; check_keepalive_requests 100; } upstream repairit_mobile_servers{ server 172.30.0.182:8002 max_fails=5 fail_timeout=30s weight=1; server 172.30.0.182:8003 max_fails=5 fail_timeout=30s weight=1; check interval=3000 rise=3 fall=5 timeout=1000 type=tcp port=8002; check_keepalive_requests 100; } upstream product_drfone_api_servers{ server 172.30.3.29:8001 max_fails=3 fail_timeout=30s weight=1; check interval=3000 rise=3 fall=5 timeout=1000 type=tcp port=8001; check_keepalive_requests 100; } upstream online_ai_servers{ #ip_hash; server 172.30.0.173:9085 max_fails=3 fail_timeout=30s weight=1; check interval=3000 rise=3 fall=5 timeout=1000 type=tcp port=9085; check_keepalive_requests 100; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; server_name repairit-api.chinasoft.com ; access_log /data/www/logs/nginx_log/access/repairit-api.chinasoft.com_access.log main ; error_log /data/www/logs/nginx_log/error/repairit-api.chinasoft.com_error.log ; error_page 404 403 /404.html; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh|git|svn|project|LICENSE|log|env|env\.[\w]+|env\.[\w]+\.[\w]+)$ { deny all; } rewrite ^/(.*)$ https://repairit-api.chinasoft.com/$1 permanent; #跳转到Https } server { listen 443 ssl; server_name repairit-api.chinasoft.com; access_log /data/www/logs/nginx_log/access/repairit-api.chinasoft.com_access.log main ; error_log /data/www/logs/nginx_log/error/repairit-api.chinasoft.com_error.log ; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; error_page 404 403 /404.html; ssl_certificate cert2016/chinasoft_com.crt; ssl_certificate_key cert2016/chinasoft_com.key; ssl_dhparam cert2016/dh_2048.pem; ssl_session_timeout 15m; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh|git|svn|project|LICENSE|log|env|env\.[\w]+|env\.[\w]+\.[\w]+)$ { deny all; } location / { #add_header Cache-Control no-cache; # 2020 0918 add 跨域 #if ($request_method = 'OPTIONS') { # add_header Access-Control-Allow-Origin $cors_origin; # add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; # return 204; #} #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Nginx-Proxy true; proxy_set_header X-Scheme $scheme; proxy_set_header Connection ""; #proxy_pass http://120.76.141.110:9088; #proxy_pass http://172.30.0.123:9088; expires -1; } location ^~ /app { alias /data/www/vhosts/repairit-api.chinasoft.com/httpdocs; # 替换为实际的路径 index index.html; #try_files $uri $uri/ /app/index.html; try_files $uri /app/index.html; expires -1; } location ^~ /apis/websocket { proxy_pass http://172.30.0.173:9080; # WebSocket后端服务地址 proxy_http_version 1.1; # 使用 HTTP 1.1 协议 proxy_set_header Upgrade $http_upgrade; # 设置 Upgrade 头部 proxy_set_header Connection $connection_upgrade; # 设置 Connection 头部 proxy_set_header Host $host; # 传递 Host 头部 proxy_set_header X-Real-IP $remote_addr; # 传递客户端真实 IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /apis/vrs/v1 { proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; expires -1; } location /apis/drfone/v1/ { proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_drfone_api_servers; expires -1; } location /api/v1/mobile/ { proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 60; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://repairit_mobile_servers; expires -1; } location ~* /apis/(wsid|pbs) { ## 2020 0918 add 跨域 #if ($request_method = 'OPTIONS') { # add_header Access-Control-Allow-Origin $cors_origin; # add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; # return 204; #} #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /apis/vrs/v2 { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /apis/v1/video { set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location ~* /apis/(mrs|ai) { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /apis/prs { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /apis/drs { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /apis/ai { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /online/ai/v3 { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } proxy_redirect off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 10; proxy_send_timeout 180; proxy_read_timeout 180; proxy_http_version 1.1; proxy_pass http://product_mrs_servers; } location /wlcb { #跨域配置20220804 set $allow_headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Csrf-Token,X-Client-Sign'; set $allow_methods 'POST,GET,OPTIONS,PUT,DELETE'; if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods $allow_methods always; add_header Access-Control-Allow-Headers $allow_headers always; add_header 'Access-Control-Allow-Credentials' 'true' always; return 204; } if ($http_origin ~* (https?://[^/]*\.chinasoft\.*|https?://[^/]*\.iskysoft\.*|https?://[^/]*\.uniconverter\.*|https?://[^/]*\.media.io|https?://[^/]*\.filmorapro\.*|https?://[^/]*\.hipdf\.com)) { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Headers' $allow_headers always; add_header 'Access-Control-Allow-Methods' $allow_methods always; add_header 'Access-Control-Allow-Credentials' 'true' always; } #rewrite ^.+apis/?(.*)$ /$1 break; proxy_pass http://172.30.0.90:9011; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # 调用容器中的服务,通过内网Ingress暴露出来 location /ai/v2/ { # 通过hosts解析到容器的内网ingress上 proxy_pass http://drmrsdsk-service-ingress-intranet; } location /ai/v3/ { # 通过hosts解析到容器的内网ingress上 proxy_pass http://drmrsdsk-service-ingress-intranet; } }
浙公网安备 33010602011771号