fix(nginx): 修复 CORS 配置,将 add_header 移出 if 块
nginx 不允许在 if 块中使用 add_header 指令, 将 CORS 配置提取到独立的 snippets/cors-params.conf 文件。 修改内容: - 新增 cors-params.conf 配置文件 - 在每个 location 块中引入 cors-params.conf - 从 server 块移除内联的 CORS 配置 - 更新目录结构说明和部署步骤 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Developer
parent
6da6dba3f9
commit
01e192ea17
|
|
@ -129,6 +129,7 @@
|
|||
│ └── rwaapi.szaiai.com.conf → ../sites-available/rwaapi.szaiai.com.conf
|
||||
└── snippets/ # 可复用配置片段
|
||||
├── proxy-params.conf # 代理参数
|
||||
├── cors-params.conf # CORS 跨域配置
|
||||
└── ssl-params.conf # SSL 安全参数
|
||||
|
||||
/etc/letsencrypt/live/rwaapi.szaiai.com/ # Let's Encrypt SSL 证书 (自动管理)
|
||||
|
|
@ -213,7 +214,28 @@ proxy_buffers 8 4k;
|
|||
proxy_busy_buffers_size 8k;
|
||||
```
|
||||
|
||||
### 3.4 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
|
||||
### 3.4 CORS 配置 `/etc/nginx/snippets/cors-params.conf`
|
||||
|
||||
```nginx
|
||||
# CORS 预检请求处理
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
# CORS 响应头
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
```
|
||||
|
||||
### 3.5 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
|
||||
|
||||
```nginx
|
||||
# SSL 会话配置
|
||||
|
|
@ -230,7 +252,7 @@ ssl_prefer_server_ciphers off;
|
|||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
```
|
||||
|
||||
### 3.5 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
|
||||
### 3.6 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
|
||||
|
||||
```nginx
|
||||
# ============================================
|
||||
|
|
@ -299,23 +321,6 @@ server {
|
|||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# CORS 配置
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
|
||||
# 处理 OPTIONS 预检请求
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
# 限流
|
||||
limit_req zone=api_limit burst=20 nodelay;
|
||||
limit_conn conn_limit 10;
|
||||
|
|
@ -336,11 +341,13 @@ server {
|
|||
# GET /api/v1/user/profile - 获取用户信息
|
||||
# ============================================
|
||||
location /api/v1/user {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://identity_service/api/v1/user;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
location /api/v1/auth {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://identity_service/api/v1/auth;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -351,18 +358,21 @@ server {
|
|||
# POST /api/v1/wallet/create - 创建钱包
|
||||
# ============================================
|
||||
location /api/v1/wallet {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://wallet_service/api/v1/wallet;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
# Trading - 交易
|
||||
location /api/v1/trading {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://wallet_service/api/v1/trading;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
# Deposit - 充值
|
||||
location /api/v1/deposit {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://wallet_service/api/v1/deposit;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -373,6 +383,7 @@ server {
|
|||
# POST /api/v1/planting/submit - 提交认种
|
||||
# ============================================
|
||||
location /api/v1/planting {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://planting_service/api/v1/planting;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -383,11 +394,13 @@ server {
|
|||
# GET /api/v1/community/referrals - 获取推荐列表
|
||||
# ============================================
|
||||
location /api/v1/referral {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://referral_service/api/v1/referral;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
location /api/v1/community {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://referral_service/api/v1/community;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -399,11 +412,13 @@ server {
|
|||
# POST /api/v1/mining/claim - 领取奖励
|
||||
# ============================================
|
||||
location /api/v1/mining {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://reward_service/api/v1/mining;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
location /api/v1/reward {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://reward_service/api/v1/reward;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -414,11 +429,13 @@ server {
|
|||
# GET /api/v1/ranking/weekly - 周榜
|
||||
# ============================================
|
||||
location /api/v1/ranking {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://leaderboard_service/api/ranking;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
location /api/v1/leaderboard {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://leaderboard_service/api/leaderboard;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -430,11 +447,13 @@ server {
|
|||
# POST /api/v1/telemetry/events - 事件上报
|
||||
# ============================================
|
||||
location /api/v1/telemetry {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://reporting_service/api/v1/telemetry;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
||||
location /api/v1/report {
|
||||
include snippets/cors-params.conf;
|
||||
proxy_pass http://reporting_service/api/v1/report;
|
||||
include snippets/proxy-params.conf;
|
||||
}
|
||||
|
|
@ -965,6 +984,7 @@ certbot certonly --standalone -d rwaapi.szaiai.com
|
|||
# 将上面的配置文件复制到对应目录:
|
||||
# - nginx.conf → /etc/nginx/nginx.conf
|
||||
# - proxy-params.conf → /etc/nginx/snippets/proxy-params.conf
|
||||
# - cors-params.conf → /etc/nginx/snippets/cors-params.conf
|
||||
# - ssl-params.conf → /etc/nginx/snippets/ssl-params.conf
|
||||
# - rwaapi.szaiai.com.conf → /etc/nginx/sites-available/rwaapi.szaiai.com.conf
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue