Nginx 配置示例
示例一:动态代理
server {
listen 80;
server_name xiexianbin.cn;
# logging
access_log /var/log/tengine/xiexianbin.cn.access.log main;
error_log /var/log/tengine/xiexianbin.cn.error.log warn;
location / {
return 301 http://$arg_host-$arg_port.xiexianbin.cn;
}
}
server {
listen 80;
server_name *.xiexianbin.cn;
# logging
access_log /var/log/tengine/xiexianbin.cn.access.log;
error_log /var/log/tengine/xiexianbin.cn.error.log warn;
location / {
if ($http_host ~* ^(.*)-(.*).xiexianbin.cn(.*)) {
set $jupyter_host $1;
set $jupyter_port $2;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods *;
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_pass http://$jupyter_host:$jupyter_port;
}
}
示例二:代理SSL
location / {
proxy_pass https://127.0.0.1:443;
proxy_redirect off;
proxy_ssl_verify off;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
proxy_set_header Host $host;
...
}
允许 iframe 嵌套
- location 下配置,否则报错:
Refused to display 'https://xxx.xiexianbin.cn.cn/' in a frame because it set 'X-Frame-Options' to 'deny'.
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options ALLOWALL;
# add_header X-Frame-Options "ALLOW-FROM https://www.***.com/" always;
# X-Frame-Options: DENY # 拒绝
# X-Frame-Options: SAMEORIGIN # 同源
# X-Frame-Options: ALLOW-FROM https://example.com/ # 指定网址