情况就是跟前端约定自定义的 Header 头的 key 为:
xxxx_xxxx格式,注意中间的下划线,直接访问服务所在端口是可以拿到 Header 头信息,经过 Nginx 转发就拿不到了。
- 原 Nginx 配置
server {
listen 80;
server_name xxx.com;
index index.html index.htm index.php;
return 307 https://$host$request_uri;
location / {
proxy_pass http://localhost:8090;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
}
}
### HTTPS server
server {
listen 443 ssl;
server_name xxx.com;
index index.html index.htm;
ssl_certificate /usr/local/nginx/ssl/****.pem;
ssl_certificate_key /usr/local/nginx/ssl/****.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 1024M;
fastcgi_connect_timeout 1200s;#原设置为300s
fastcgi_send_timeout 1200s;#原设置为300s
fastcgi_read_timeout 1200s;#原设置为300s
proxy_read_timeout 300s;
client_body_timeout 500s;
send_timeout 500s;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:6790;
}
}
查了一下官方资料,默认是忽略掉无效的标题字段。
Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the underscores_in_headers directive).
If the directive is specified on the server level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port.
所以这里只需要加上参数:ignore_invalid_headers off; 即可,此参数默认值为:on。修改后的 Nginx 配置:
server {
listen 80;
server_name xxx.com;
index index.html index.htm index.php;
return 307 https://$host$request_uri;
location / {
proxy_pass http://localhost:8090;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
}
}
### HTTPS server
server {
listen 443 ssl;
server_name xxx.com;
index index.html index.htm;
ssl_certificate /usr/local/nginx/ssl/****.pem;
ssl_certificate_key /usr/local/nginx/ssl/****.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 1024M;
fastcgi_connect_timeout 1200s;#原设置为300s
fastcgi_send_timeout 1200s;#原设置为300s
fastcgi_read_timeout 1200s;#原设置为300s
proxy_read_timeout 300s;
client_body_timeout 500s;
send_timeout 500s;
# 忽略验证 Header
ignore_invalid_headers off;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:6790;
}
}
还有一个参数:underscores_in_headers;代表着在客户端请求标头字段中启用或禁用下划线,禁止使用下划线时,名称中包含下划线的请求标头字段将被标记为无效,并受 ignore_invalid_headers 指令的约束。默认为:off
文章评论