Nginx 不转发 Http Header 头信息问题

  情况就是跟前端约定自定义的 Header 头的 key 为:xxxx_xxxx 格式,注意中间的下划线,直接访问服务所在端口是可以拿到 Header 头信息,经过 Nginx 转发就拿不到了。

  • 原 Nginx 配置
server {
        listen       80;
        server_name  xxx.com;
        index index.html index.htm index.php;

        return 307 https://$host$request_uri;

        location / {
                proxy_pass http://localhost:8090;
                proxy_redirect off;
                proxy_set_header Host $host:$server_port;
        }
}

### HTTPS server
server {
    listen 443 ssl;
    server_name xxx.com;
    index index.html index.htm;
    ssl_certificate   /usr/local/nginx/ssl/****.pem;
    ssl_certificate_key  /usr/local/nginx/ssl/****.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024M;

    fastcgi_connect_timeout 1200s;#原设置为300s
    fastcgi_send_timeout 1200s;#原设置为300s
    fastcgi_read_timeout 1200s;#原设置为300s
    proxy_read_timeout 300s;
    client_body_timeout 500s;
    send_timeout 500s;

    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass    http://127.0.0.1:6790;

    }
}

  查了一下官方资料,默认是忽略掉无效的标题字段
  

  Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the underscores_in_headers directive).
  If the directive is specified on the server level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port.

  所以这里只需要加上参数:ignore_invalid_headers off; 即可,此参数默认值为:on。修改后的 Nginx 配置:
  

server {
        listen       80;
        server_name  xxx.com;
        index index.html index.htm index.php;

        return 307 https://$host$request_uri;

        location / {
                proxy_pass http://localhost:8090;
                proxy_redirect off;
                proxy_set_header Host $host:$server_port;
        }
}

### HTTPS server
server {
    listen 443 ssl;
    server_name xxx.com;
    index index.html index.htm;
    ssl_certificate   /usr/local/nginx/ssl/****.pem;
    ssl_certificate_key  /usr/local/nginx/ssl/****.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024M;

    fastcgi_connect_timeout 1200s;#原设置为300s
    fastcgi_send_timeout 1200s;#原设置为300s
    fastcgi_read_timeout 1200s;#原设置为300s
    proxy_read_timeout 300s;
    client_body_timeout 500s;
    send_timeout 500s;

    # 忽略验证 Header
    ignore_invalid_headers off;

    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass    http://127.0.0.1:6790;

    }
}

  还有一个参数:underscores_in_headers;代表着在客户端请求标头字段中启用或禁用下划线,禁止使用下划线时,名称中包含下划线的请求标头字段将被标记为无效,并受 ignore_invalid_headers 指令的约束。默认为:off

发表评论

电子邮件地址不会被公开。 必填项已用*标注