码迷,mamicode.com
首页 > 其他好文 > 详细

利用nginx解决cookie跨域

时间:2018-05-11 12:45:55      阅读:487      评论:0      收藏:0      [点我收藏+]

标签:soc   nginx配置   java   rem   format   inactive   app   bubuko   tomato   

一、写在前面

  最近需要把阿里云上的四台服务器的项目迁移到客户提供的新的项目中,原来的四台服务器中用到了一级域名和二级域名。比如aaa.abc.com 和bbb.abc.com 和ccc.abc.com。其中aaa.abc.com登录,通过把cookie中的信息setDomain给.abc.com。其他系统可以共享这个cookie。但是新的四台服务器中并没有申请域名,只有四个ip:

192.168.0.1    单点登录服务器

192.168.0.2

192.168.0.3

192.168.0.4

因为每台服务器有两个项目,都用到单点登录,所以通过修改新的共享登录方式花费时间太多,于是在网上搜cookie的跨域登录,尝试了下,在192.168.0.1    单点登录服务器中多次setDomain分别给2、3、4服务器,结果不理想,因为浏览器不允许。后来无意中看到nginx可以通过欺骗的方式共享cookie。于是想到原来公司部署nginx还有这层用法。

二、原来的nginx配置

  先说下nginx的安装,这个网上都有很多教程,不在赘述,我是参照于在Linux里安装、启动nginx。需要注意的是./configure后面的各种with,我在配置启动过程遇到了一些问题:

nginx: [emerg] unknown directive "aio" in

加上--with-file-aio  

Starting nginx: nginx: [emerg] the INET6 sockets are not supported on this platform in “[::]:80” of the

在后面加上--with-ipv6好使。

安装完成后。主要是nginx.conf的配置

原来服务器的配置nginx.conf:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes 2;
worker_cpu_affinity 1000 0100;
error_log logs/error.log;
pid logs/nginx.pid;


events {
    worker_connections 2048;
}

http {
    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  logs/access.log  main;

   gzip  on;
   gzip_min_length  1000;
   gzip_buffers     4 8k;
   gzip_types       text/plain application/javascript application/x-javascript text/css application/xml;

   client_max_body_size 8M;
   client_body_buffer_size 128k;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             mime.types;
    default_type        application/octet-stream;

    connection_pool_size 512;
    aio on;
    open_file_cache max=1000 inactive=20s;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
  #  主要配置在这里,nginx.conf配置都是一样 include /usr/local/nginx/conf/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 ipv6only=on default_server; server_name _; root html; # Load configuration files for the default server block. include /usr/local/nginx/conf/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }

原来服务器的

conf.d/*.conf的配置是reverse-proxy.conf
server
{
    listen 80;
    server_name m.abc.com.cn;
    location / {
        root   /usr/share/nginx/html/;
        index  index.html index.htm;
    }
    location ~ \.(jsp|do)?$ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8084;
    }
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {  
                return 403;  
        }
    access_log /home/logs/nginx/m.abc.com.cn_access.log;
}
 
server
{
    listen 80;
    server_name store.abc.com.cn *.store.abc.com.cn;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8081;
    }
    access_log /home/logs/nginx/store.abc.com.cn_access.log;
}

server
{
    listen 80;
    server_name shopcenter.abc.com.cn;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.45.100.222:8082;
    }
    access_log /home/logs/nginx/shopcenter.abc.com.cn_access.log;
}
 
server
{
    listen 80;
    server_name search.abc.com.cn;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.45.100.68:8083;
    }
    access_log /home/logs/nginx/search.abc.com.cn_access.log;
}

以上配置后,nginx启动后,通过访问不同的域名来访问不同服务器。而因为都有二级域名.abc.com.cn。所以可以共享cookie。

nginx的文件结构为:

技术分享图片

 

三、修改后的nginx配置

主要是reverse-proxy.conf 不同

server
{
    listen 9998;
    server_name 192.168.0.1:9998;
    location /servlets/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.0.1:8088;
    }
    location / {

        root   /usr/local/nginx/html/web/;
        index  index.html index.htm;
    }
    location ~ \.(jsp|do)?$ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.0.1:8088;
        
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout    700s;
    } 
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {  
                return 403;  
        }
    access_log /usr/local/nginx/logs/www.abc.com.cn_access.log;
}

server
{
    listen 9994;
    server_name 192.168.0.1:9994;
    location / {
     proxy_redirect off;

       root   /usr/local/nginx/html/weixin/;
        index  index.html index.htm;
    }
    location ~ \.(jsp|do)?$ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8084;
    }
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {  
                return 403;  
        }
    access_log /usr/local/nginx/logs/m.abc.com.cn_access.log;
}
 
server
{
    listen 9990;
    server_name store.abc.com.cn *.store.abc.com.cn;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8081;
    }
    access_log /usr/local/nginx/logs/store.abc.com.cn_access.log;
}

server
{
    listen 9992;
    server_name 192.168.0.1:9992;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.0.2:8082;
    }
    access_log /usr/local/nginx/logs/shopcenter.abc.com.cn_access.log;
}
 
server
{
    listen 9993;
    server_name 192.168.0.1:9993;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.0.3:8083;
    }
    access_log /usr/local/nginx/logs/search.abc.com.cn_access.log;
}

这样就可以把

192.168.0.1:9998 当做单点服务器,登录后的domain都为192.168.0.1 。其他的0.2、0.3都可以通过192.168.0.1nginx和单点服务器的不同端口访问,那么就可以共享这个0.1的域名了。

四、最后

  好吧,可能描述的不是那么清楚,有点乱。我所做的工作就是把原来的nginx配置中的端口和域名改成新服务器中的唯一一个ip把这个ip当做那个域名,不同端口对应不同二级域名。

利用nginx解决cookie跨域

标签:soc   nginx配置   java   rem   format   inactive   app   bubuko   tomato   

原文地址:https://www.cnblogs.com/minzhousblogs/p/9023391.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!