下文的论述都以下面的配置为例子
location ^~ /p/security {
rewrite /p/security/(.*) /security/$1 break;
proxy_pass http://security:8080;
proxy_redirect off;
proxy_set_header Host $host;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
}
- 如果dns无法解析,nginx则无法启动
- security如果无法解析,那么nginx则无法启动
- DNS缓存问题:
- nginx启动时,如果将security dns解析为1.2.3.4。如果security的ip地址变了。nginx不会自动解析新的ip地址,导致反向代理报错504。
- 反向代理的DNS缓存问题务必重视
- 跨域头配置的always
- 反向代理一般都是希望允许跨域的。如果不加always,那么只会对成功的请求加跨域头,失败的请求则不会。
关于**‘Access-Control-Allow-Origin’ ‘*’,如果后端服务本身就带有这个头,那么如果你在nginx中再添加这个头,就会在浏览器中遇到下面的报错。而解决办法就是不要在nginx中设置这个头。**
Access to fetch at 'http://192.168.40.107:31088/p/security/v2/login'
from origin 'http://localhost:5000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check:
The 'Access-Control-Allow-Origin' header contains multiple values '*, *',
but only one is allowed. Have the server send the header with a valid value,
or, if an opaque response serves your needs, set the request's mode to
'no-cors' to fetch the resource with CORS disabled.