1. Security configuration of X-Content-Type-Options, X-XSS-Protection and Content-Security-Pol under nginx or Tomcat
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
Reference: https://blog.csdn.net/weixin_41986096/article/details/108319848
2. nginx: [emerg] unknown "connection_upgrade" variable: fix and analysis
http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    server {
        location / {
            #…
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
}
Reference: https://segmentfault.com/a/1190000018712908
3. Nginx: locating the cause of "Connection reset by peer" errors
https://blog.csdn.net/zzhongcy/article/details/89090193
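4. Configuring an nginx reverse proxy and obtaining the real client IP
The upstream module provides a simple way to load-balance backend servers using round-robin or client IP.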
upstream abc.com {
    server 127.0.0.1:8080;
    server 127.0.0.1:80;
    server 127.0.0.1:8000;
}
server {
    listen 80;
    server_name www.test.com;
    location / {
        proxy_pass http://abc.com;
        proxy_set_header Host $host;  # keep the Host header from before proxying
        proxy_set_header X-Real-IP $remote_addr;  # keep the real client IP from before proxying
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;  # with multiple proxy levels, record the real client IP seen before each hop
        proxy_redirect default;  # specifies how the Location and Refresh header values in the proxied server's response are rewritten
    }
}
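The following Python function is an added example, not part of the original notes: it shows how a backend behind the configuration above can pick the client address out of X-Forwarded-For without trusting entries the client itself supplied. The trusted proxy ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the address ranges of our own proxies (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]


def _parse(addr):
    """Return an ip_address object, or None when addr is not a valid IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _trusted(ip):
    """True when ip is a parsed address inside one of the trusted ranges."""
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, x_forwarded_for):
    """Return the address the backend should log or apply access rules to.

    peer_addr: source address of the TCP connection to the backend.
    x_forwarded_for: raw X-Forwarded-For header value, or None.
    """
    # A peer that is not one of our proxies can put anything in the header,
    # so only the socket address is usable.
    if not _trusted(_parse(peer_addr)) or not x_forwarded_for:
        return peer_addr
    last_verified = peer_addr
    # $proxy_add_x_forwarded_for appends $remote_addr on the right, so walk
    # right to left and stop at the first hop that is not one of our proxies.
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None:
            return last_verified  # malformed entry: nothing further left is reliable
        if not _trusted(ip):
            return str(ip)  # first address outside our proxies: the client
        last_verified = str(ip)
    # Every hop was a trusted proxy: the request originated inside.
    return last_verified
```

Everything to the left of the returned hop was supplied by the client and must not be used for access decisions.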
5. 302
location = /iot {
    return 302 /iot/;
}
location /iot/ {
    root html;
    index index.html index.htm;
    proxy_pass http://192.168.131.63:30104/;
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;
    proxy_buffer_size 64k;
    proxy_buffers 32 32k;
    proxy_busy_buffers_size 128k;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
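6. Behind an nginx proxy, the backend reads a custom header via request and gets null
With nginx as the proxy, the backend could never read the custom header from the request. A Baidu search later turned up an nginx pitfall: custom header names must not contain underscores, because such headers are filtered out by default.
Adding the following line to the nginx.conf configuration file is enough: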
underscores_in_headers on;
The default is off.
Reference: https://blog.csdn.net/keizhige/article/details/106055325
