1. Security configuration of X-Content-Type-Options, X-XSS-Protection and Content-Security-Pol under nginx or Tomcat
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
Reference: https://blog.csdn.net/weixin_41986096/article/details/108319848
2. nginx: [emerg] unknown "connection_upgrade" variable: fix and thoughts
http {
    # Define $connection_upgrade from the request's Upgrade header
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    server {
        location / {
            #…
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
}
Reference: https://segmentfault.com/a/1190000018712908
3. Nginx: locating the cause of the "Connection reset by peer" error
https://blog.csdn.net/zzhongcy/article/details/89090193
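4. Setting up an nginx reverse proxy and obtaining the real client IP
The upstream module provides a simple way to load-balance backend servers by round-robin or by client IP.
upstream abc.com {
    server 127.0.0.1:8080;
    server 127.0.0.1:80;
    server 127.0.0.1:8000;
}
server {
    listen 80;
    server_name www.test.com;
    location / {
        proxy_pass http://abc.com;
        proxy_set_header Host $host;  # keep the Host from before proxying
        proxy_set_header X-Real-IP $remote_addr;  # keep the real client IP from before proxying
        # Appends $remote_addr to any X-Forwarded-For the client sent, so only the
        # last entry is written by this proxy; earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;  # with multiple proxy levels, record the real client IP before each hop
        proxy_redirect default;  # rewrite the Location and Refresh header values in responses returned by the proxied server
    }
}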
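An added example, not from the original notes: how a backend behind the proxy in item 4 can choose the client address from the headers that configuration sets. The function name `client_ip`, the `TRUSTED_PROXIES` list (loopback, matching the 127.0.0.1 upstream servers) and the sample requests are assumptions.

```python
import ipaddress

# Assumption: the only proxy allowed to speak for clients is the nginx from
# item 4, which reaches the backend over loopback.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]

def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """peer_addr: TCP peer of the backend socket; headers: dict, lower-cased names."""
    peer = ipaddress.ip_address(peer_addr)
    if not _trusted(peer):
        # The request did not come through the proxy: ignore forwarded headers.
        return str(peer)
    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left. nginx appended the rightmost entry; everything to
    # its left was supplied by whoever connected to nginx.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain here
        if not _trusted(ip):
            return str(ip)
    # No usable hop: fall back to X-Real-IP (set from $remote_addr), then the peer.
    try:
        return str(ipaddress.ip_address(headers.get("x-real-ip", "")))
    except ValueError:
        return str(peer)

if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    spoofed = {"x-forwarded-for": "1.2.3.4, 203.0.113.7", "x-real-ip": "203.0.113.7"}
    print(client_ip("127.0.0.1", spoofed))                          # via nginx
    print(client_ip("198.51.100.9", {"x-forwarded-for": "10.0.0.1"}))  # direct hit
```

In the first sample the client sent its own `X-Forwarded-For: 1.2.3.4`; the backend still resolves the address nginx observed, because only the entry appended by the trusted proxy is used.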
5. 302
location = /iot {
    return 302 /iot/;
}
location /iot/ {
    root html;
    index index.html index.htm;
    proxy_pass http://192.168.131.63:30104/;
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;
    proxy_buffer_size 64k;
    proxy_buffers 32 32k;
    proxy_busy_buffers_size 128k;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
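6. Behind an nginx proxy, the backend reads a custom header from the request and gets null
When proxying through nginx, the backend could never read the custom header from the request. A Baidu search later turned up an nginx pitfall: custom header names must not contain underscores, because such headers are filtered out by default.
Adding the following line to nginx's nginx.conf configuration file fixes it:
underscores_in_headers on;
The default is off.
Reference: https://blog.csdn.net/keizhige/article/details/106055325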
