sunpeng
/
oidc-gateway-demo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
oidc-gateway-demo/nginx/nginx.conf

193 lines
7.4 KiB
Nginx Configuration File
Raw Blame History

# nginx配置文件
# 用于OAuth2/OIDC系统的反向代理
# 工作进程数
worker_processes auto;
# PID文件路径
pid /tmp/nginx.pid;
# 错误日志
error_log /tmp/nginx_error.log;
# 事件模块配置
events {
worker_connections 1024;
}
# HTTP模块配置
http {
# MIME类型
include /opt/homebrew/etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 访问日志
access_log /tmp/nginx_access.log main;
# 基本设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
# 前端应用服务器 (a.com) - HTTPS
server {
listen 443 ssl;
server_name a.com;
# SSL配置
ssl_certificate /Users/sunpeng/workspace/remote/oauth2/ssl/certificate.crt;
ssl_certificate_key /Users/sunpeng/workspace/remote/oauth2/ssl/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 静态文件目录
root /Users/sunpeng/workspace/remote/oauth2/resourceservicehtml;
# 首页和静态文件
location / {
try_files $uri $uri/ /index.html;
# 添加CORS头
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
}
# 处理OPTIONS预检请求
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# /api 路径转发到网关
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 处理CORS
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
# 处理OPTIONS请求
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
add_header Access-Control-Max-Age 1728000;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
}
# /test 路径转发到网关 (测试用)
location /test/ {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 处理CORS
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
# 处理OPTIONS请求
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
add_header Access-Control-Max-Age 1728000;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
}
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
# OIDC服务器代理 (oidc.com) - HTTPS
server {
listen 443 ssl;
server_name oidc.com;
# SSL配置
ssl_certificate /Users/sunpeng/workspace/remote/oauth2/ssl/certificate.crt;
ssl_certificate_key /Users/sunpeng/workspace/remote/oauth2/ssl/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 代理到OIDC服务器
location / {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Cookie $http_cookie;
# 处理CORS
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
# 移除CSP限制 (开发环境)
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https:;" always;
# 处理OPTIONS请求
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "https://a.com" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
add_header Access-Control-Max-Age 1728000;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
}
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
# HTTP重定向到HTTPS
server {
listen 80;
server_name a.com oidc.com;
return 301 https://$server_name$request_uri;
}
# 默认服务器块(防止未匹配的请求)
server {
listen 80 default_server;
server_name _;
return 444;
}
}
Reference in New Issue View Git Blame Copy Permalink