corslogs
This commit is contained in:
parent
c64d5971ee
commit
4275131645
|
|
@ -32,5 +32,4 @@
|
|||
- Поддерживаемые методы: GET, POST, OPTIONS
|
||||
- Настроена поддержка credentials
|
||||
- Настроена обработка preflight-запросов
|
||||
- Настроено кэширование preflight-ответов на 20 дней (1728000 секунд)
|
||||
- Добавлено логирование CORS-запросов для отладки в /var/log/nginx/cors-debug.log
|
||||
- Настроено кэширование preflight-ответов на 20 дней (1728000 секунд)
|
||||
|
|
@ -24,13 +24,6 @@ limit_req_zone $binary_remote_addr zone=req_zone:10m rate=20r/s;
|
|||
{{ $upstream_port := index $port_map_list 2 }}
|
||||
|
||||
server {
|
||||
log_format cors '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" '
|
||||
'"$http_origin" "$allow_origin"';
|
||||
|
||||
access_log /var/log/nginx/cors-debug.log cors;
|
||||
|
||||
{{ if eq $scheme "http" }}
|
||||
listen [::]:{{ $listen_port }};
|
||||
listen {{ $listen_port }};
|
||||
|
|
@ -38,7 +31,6 @@ server {
|
|||
access_log /var/log/nginx/{{ $.APP }}-access.log;
|
||||
error_log /var/log/nginx/{{ $.APP }}-error.log;
|
||||
client_max_body_size 100M;
|
||||
|
||||
{{ else if eq $scheme "https" }}
|
||||
listen [::]:{{ $listen_port }} ssl http2;
|
||||
listen {{ $listen_port }} ssl http2;
|
||||
|
|
@ -57,7 +49,6 @@ server {
|
|||
client_max_body_size 100M;
|
||||
{{ end }}
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
|
||||
{{ $proxy_settings }}
|
||||
|
|
@ -79,63 +70,60 @@ server {
|
|||
proxy_cache_background_update on;
|
||||
proxy_cache_lock on;
|
||||
|
||||
# Connections and request limits increase (bad for DDos)
|
||||
limit_conn addr 10000;
|
||||
limit_req zone=req_zone burst=10 nodelay;
|
||||
}
|
||||
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||||
expires 30d; # This means that the client can cache these resources for 30 days.
|
||||
add_header Cache-Control "public, no-transform";
|
||||
expires 30d;
|
||||
add_header Cache-Control "public, no-transform";
|
||||
}
|
||||
|
||||
location ~* \.(mp3)$ {
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' $allow_origin always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
}
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' $allow_origin always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
|
||||
location /400-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
location /400-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
|
||||
error_page 404 /404-error.html;
|
||||
location /404-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
error_page 404 /404-error.html;
|
||||
location /404-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
|
||||
error_page 500 501 503 504 505 506 507 508 509 510 511 /500-error.html;
|
||||
location /500-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
error_page 500 501 503 504 505 506 507 508 509 510 511 /500-error.html;
|
||||
location /500-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
|
||||
error_page 502 /502-error.html;
|
||||
location /502-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
error_page 502 /502-error.html;
|
||||
location /502-error.html {
|
||||
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
|
||||
internal;
|
||||
}
|
||||
|
||||
include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
|
||||
include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
|
||||
{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }}
|
||||
upstream {{ $.APP }}-{{ $upstream_port }} {
|
||||
{{ range $listeners := $.DOKKU_APP_WEB_LISTENERS | split " " }}
|
||||
{{ $listener_list := $listeners | split ":" }}
|
||||
{{ $listener_ip := index $listener_list 0 }}
|
||||
{{ $listener_port := index $listener_list 1 }}
|
||||
server {{ $listener_ip }}:{{ $upstream_port }};
|
||||
server {{ $listener_ip }}:{{ $upstream_port }};
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user