Home >Operation and Maintenance >Nginx >How to use nginx to solve the problem of cookie cross-domain access
1. Written in front
Recently, it is necessary to migrate the four server projects on Alibaba Cloud to a new project provided by the customer. The original four servers were used First-level domain names and second-level domain names. For example, aaa.abc.com and bbb.abc.com and ccc.abc.com. Among them, aaa.abc.com logs in by setting the information in the cookie to .abc.com. Other systems can share this cookie. However, there is no domain name applied for among the four new servers, only four IPs:
192.168.0.1 Single sign-on server
192.168.0.2
192.168.0.3
192.168.0.4
Because each server has two projects, both of which use single sign-on, it takes too much time to modify the new shared login method, so I searched for cross-domain cookies on the Internet. Log in, try it, and setdomain multiple times to servers 2, 3, and 4 in the 192.168.0.1 single sign-on server. The result is not ideal because the browser does not allow it. Later, I accidentally saw that nginx can share cookies through deception. So I thought that the original company deployed nginx and had this usage.
2. Original nginx configuration
Let’s talk about the installation of nginx first. There are many tutorials on the Internet, so I won’t go into details. I will refer to the installation in linux. Start nginx. What needs to be noted is the various withs behind ./configure. I encountered some problems during the configuration startup process:
nginx: [emerg] unknown directive "aio" in
Add --with-file-aio
Copy code The code is as follows:
starting nginx: nginx: [emerg] the inet6 sockets are not supported on this platform in “[::]:80” of the
Add --with-ipv6 after it make.
After the installation is completed. Mainly the configuration of nginx.conf
The original server’s configuration nginx.conf:
# for more information on configuration, see: # * official english documentation: http://nginx.org/en/docs/ # * official russian documentation: http://nginx.org/ru/docs/ user root; worker_processes 2; worker_cpu_affinity 1000 0100; error_log logs/error.log; pid logs/nginx.pid; events { worker_connections 2048; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; gzip on; gzip_min_length 1000; gzip_buffers 4 8k; gzip_types text/plain application/javascript application/x-javascript text/css application/xml; client_max_body_size 8m; client_body_buffer_size 128k; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include mime.types; default_type application/octet-stream; connection_pool_size 512; aio on; open_file_cache max=1000 inactive=20s; # load modular configuration files from the /etc/nginx/conf.d directory. # see http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # 主要配置在这里,nginx.conf配置都是一样 include /usr/local/nginx/conf/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 ipv6only=on default_server; server_name _; root html; # load configuration files for the default server block. include /usr/local/nginx/conf/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }
The original server’s
conf.d/*.conf configuration is reverse-proxy.conf
server { listen 80; server_name m.abc.com.cn; location / { root /usr/share/nginx/html/; index index.html index.htm; } location ~ \.(jsp|do)?$ { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084; } if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { return 403; } access_log /home/logs/nginx/m.abc.com.cn_access.log; } server { listen 80; server_name store.abc.com.cn *.store.abc.com.cn; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081; } access_log /home/logs/nginx/store.abc.com.cn_access.log; } server { listen 80; server_name shopcenter.abc.com.cn; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.222:8082; } access_log /home/logs/nginx/shopcenter.abc.com.cn_access.log; } server { listen 80; server_name search.abc.com.cn; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.68:8083; } access_log /home/logs/nginx/search.abc.com.cn_access.log; }
After the above configuration, after nginx is started, different servers can be accessed by accessing different domain names. And because they all have the second-level domain name .abc.com.cn. So cookies can be shared.
The file structure of nginx is:
3. The modified nginx configuration
is mainly reverse- proxy.conf is different
server { listen 9998; server_name 192.168.0.1:9998; location /servlets/ { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088; } location / { root /usr/local/nginx/html/web/; index index.html index.htm; } location ~ \.(jsp|do)?$ { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088; proxy_http_version 1.1; proxy_set_header upgrade $http_upgrade; proxy_set_header connection "upgrade"; proxy_read_timeout 700s; } if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { return 403; } access_log /usr/local/nginx/logs/www.abc.com.cn_access.log; } server { listen 9994; server_name 192.168.0.1:9994; location / { proxy_redirect off; root /usr/local/nginx/html/weixin/; index index.html index.htm; } location ~ \.(jsp|do)?$ { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084; } if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { return 403; } access_log /usr/local/nginx/logs/m.abc.com.cn_access.log; } server { listen 9990; server_name store.abc.com.cn *.store.abc.com.cn; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081; } access_log /usr/local/nginx/logs/store.abc.com.cn_access.log; } server { listen 9992; server_name 192.168.0.1:9992; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.2:8082; } access_log /usr/local/nginx/logs/shopcenter.abc.com.cn_access.log; } server { listen 9993; server_name 192.168.0.1:9993; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.3:8083; } access_log /usr/local/nginx/logs/search.abc.com.cn_access.log; }
In this way, 192.168.0.1:9998 can be used as a single point server, and the domain after login is 192.168.0.1. The other 0.2 and 0.3 can be accessed through different ports of 192.168.0.1nginx and the single-point server, so the domain name of 0.1 can be shared.
The above is the detailed content of How to use nginx to solve the problem of cookie cross-domain access. For more information, please follow other related articles on the PHP Chinese website!