首頁 >運維 >Nginx >如何利用nginx解決cookie跨域存取的問題

如何利用nginx解決cookie跨域存取的問題

PHPz
PHPz轉載
2023-05-26 23:21:213373瀏覽

一、寫在前面

最近需要把阿里雲上的四台伺服器的專案遷移到客戶提供的新的專案中,原來的四台伺服器中用到了一級域名和二級域名。例如aaa.abc.com 和bbb.abc.com 和ccc.abc.com。其中aaa.abc.com登錄,透過把cookie中的資訊setdomain給.abc.com。其他系統可以共用這個cookie。但新的四台伺服器中並沒有申請域名,只有四個ip:

192.168.0.1    單一登入伺服器

192.168.0.2

#192.168.0.3

192.168.0.4

因為每台伺服器有兩個項目,都用到單點登錄,所以透過修改新的共享登入方式花費時間太多,於是在網路上搜cookie的跨域登入,嘗試了下,在192.168.0.1    單一登入伺服器中多次setdomain分別給2、3、4伺服器,結果不理想,因為瀏覽器不允許。後來無意中看到nginx可以透過欺騙的方式共享cookie。於是想到原來公司部署nginx還有這層用法。

二、原來的nginx配置

先說下nginx的安裝,這個網上都有很多教程,不在贅述,我是參考於在linux裡安裝、啟動nginx。要注意的是./configure後面的各種with,我在設定啟動過程遇到了一些問題:

nginx: [emerg] unknown directive "aio" in

加上--with-file-aio 

複製程式碼 程式碼如下:

starting nginx: nginx: [emerg] the inet6 sockets are not supported on this platform in “[::]:80” of the

在後面加上--with-ipv6好使。

安裝完成後。主要是nginx.conf的設定

原來伺服器的設定nginx.conf:

# for more information on configuration, see:
#  * official english documentation: http://nginx.org/en/docs/
#  * official russian documentation: http://nginx.org/ru/docs/

user root;
worker_processes 2;
worker_cpu_affinity 1000 0100;
error_log logs/error.log;
pid logs/nginx.pid;


events {
  worker_connections 2048;
}

http {
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';

  access_log logs/access.log main;

  gzip on;
  gzip_min_length 1000;
  gzip_buffers   4 8k;
  gzip_types    text/plain application/javascript application/x-javascript text/css application/xml;

  client_max_body_size 8m;
  client_body_buffer_size 128k;

  sendfile      on;
  tcp_nopush     on;
  tcp_nodelay     on;
  keepalive_timeout  65;
  types_hash_max_size 2048;

  include       mime.types;
  default_type    application/octet-stream;

  connection_pool_size 512;
  aio on;
  open_file_cache max=1000 inactive=20s;

  # load modular configuration files from the /etc/nginx/conf.d directory.
  # see http://nginx.org/en/docs/ngx_core_module.html#include
  # for more information.
  #  主要配置在这里,nginx.conf配置都是一样
  include /usr/local/nginx/conf/conf.d/*.conf;

  server {
    listen    80 default_server;
    listen [::]:80 ipv6only=on default_server;
    server_name _;
    root     html;

    # load configuration files for the default server block.
    include /usr/local/nginx/conf/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
      location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
      location = /50x.html {
    }
  }
}

原來伺服器的
conf.d/*.conf的設定是reverse-proxy.conf

server
{
  listen 80;
  server_name m.abc.com.cn;
  location / {
    root  /usr/share/nginx/html/;
    index index.html index.htm;
  }
  location ~ \.(jsp|do)?$ {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8084;
  }
  if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { 
        return 403; 
    }
  access_log /home/logs/nginx/m.abc.com.cn_access.log;
}
 
server
{
  listen 80;
  server_name store.abc.com.cn *.store.abc.com.cn;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8081;
  }
  access_log /home/logs/nginx/store.abc.com.cn_access.log;
}

server
{
  listen 80;
  server_name shopcenter.abc.com.cn;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://10.45.100.222:8082;
  }
  access_log /home/logs/nginx/shopcenter.abc.com.cn_access.log;
}
 
server
{
  listen 80;
  server_name search.abc.com.cn;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://10.45.100.68:8083;
  }
  access_log /home/logs/nginx/search.abc.com.cn_access.log;
}

以上配置後,nginx啟動後,透過存取不同的網域名稱來存取不同伺服器。而因為都有二級網域.abc.com.cn。所以可以共享cookie。

nginx的檔案結構為:

如何利用nginx解決cookie跨域存取的問題

#三、修改後的nginx設定

#主要是reverse- proxy.conf 不同

server
{
  listen 9998;
  server_name 192.168.0.1:9998;
  location /servlets/ {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.0.1:8088;
  }
  location / {

    root  /usr/local/nginx/html/web/;
    index index.html index.htm;
  }
  location ~ \.(jsp|do)?$ {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.0.1:8088;
    
    proxy_http_version 1.1;
    proxy_set_header upgrade $http_upgrade;
    proxy_set_header connection "upgrade";
    proxy_read_timeout  700s;
  } 
if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { 
        return 403; 
    }
  access_log /usr/local/nginx/logs/www.abc.com.cn_access.log;
}

server
{
  listen 9994;
  server_name 192.168.0.1:9994;
  location / {
   proxy_redirect off;

    root  /usr/local/nginx/html/weixin/;
    index index.html index.htm;
  }
  location ~ \.(jsp|do)?$ {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8084;
  }
  if ($http_user_agent ~* "qihoobot|baiduspider|googlebot|googlebot-mobile|googlebot-image|mediapartners-google|adsbot-google|feedfetcher-google|yahoo! slurp|yahoo! slurp china|youdaobot|sosospider|sogou spider|sogou web spider|msnbot|ia_archiver|tomato bot") { 
        return 403; 
    }
  access_log /usr/local/nginx/logs/m.abc.com.cn_access.log;
}
 
server
{
  listen 9990;
  server_name store.abc.com.cn *.store.abc.com.cn;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8081;
  }
  access_log /usr/local/nginx/logs/store.abc.com.cn_access.log;
}

server
{
  listen 9992;
  server_name 192.168.0.1:9992;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.0.2:8082;
  }
  access_log /usr/local/nginx/logs/shopcenter.abc.com.cn_access.log;
}
 
server
{
  listen 9993;
  server_name 192.168.0.1:9993;
  location / {
    proxy_redirect off;
    proxy_set_header host $host;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.0.3:8083;
  }
  access_log /usr/local/nginx/logs/search.abc.com.cn_access.log;
}

 這樣就可以把192.168.0.1:9998 當做單點伺服器,登入後的domain都為192.168.0.1 。其他的0.2、0.3都可以透過192.168.0.1nginx和單點伺服器的不同連接埠訪問,那麼就可以共享這個0.1的網域了。

以上是如何利用nginx解決cookie跨域存取的問題的詳細內容。更多資訊請關注PHP中文網其他相關文章!

陳述:
本文轉載於:yisu.com。如有侵權,請聯絡admin@php.cn刪除