以前有基於openresty + pdf.js 實現了pdf 文件預覽的方案,但是對於阿里的oss 這個就有些不一樣了(因為oss 有安全簽名的處理)
問題說明
以前對於文件proxy 的配置
location /pdf {
proxy_redirect off;
# 開啟了跨域訪問,實際可以不用
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET, POST, PUT, DELETE, OPTIONS;
// 此處是核心
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 10M;
client_max_body_size 10G;
set $agent "Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5";
set_by_lua_block $oss_url {
local ossurl= ngx.req.get_uri_args()["ossurl"];
ngx.log(ngx.ERR, "error: ", ossurl)
return ossurl
}
proxy_buffers 1024 4k;
proxy_read_timeout 300;
proxy_connect_timeout 80;
proxy_set_header User-Agent $agent;
proxy_pass $oss_url;
# 配置cache
proxy_cache pdf;
proxy_cache_key $scheme$proxy_host$uri$is_args$args;
proxy_cache_valid 200 304 302 24h;
}
解決方法
對於host 的傳遞使用$proxy_host 變量,這樣可以保證傳遞的host 是正確的,oss 簽名校驗就沒問題了,參考配置
location /pdf {
proxy_redirect off;
# 開啟了跨域訪問,實際可以不用
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET, POST, PUT, DELETE, OPTIONS;
proxy_set_header Host $proxy_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 10M;
client_max_body_size 10G;
set $agent "Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5";
set_by_lua_block $oss_url {
local ossurl= ngx.req.get_uri_args()["ossurl"];
ngx.log(ngx.ERR, "error: ", ossurl)
return ossurl
}
proxy_buffers 1024 4k;
proxy_read_timeout 300;
proxy_connect_timeout 80;
proxy_set_header User-Agent $agent;
proxy_pass $oss_url;
# 配置cache
proxy_cache pdf;
proxy_cache_key $scheme$proxy_host$uri$is_args$args;
proxy_cache_valid 200 304 302 24h;
}
參考資料
https://www.cnblogs.com/rongfengliang/p/13693067.html
http://nginx.org/en/docs/varindex.html
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#var_proxy_host