我有一个在tomcat中运行的应用程序,它正在http://localhost:8080中监听。
现在我已经使用它上面的nginx将https流量重定向到tomcat以及cors过滤器设置。但由于某种原因,所有请求都可以从任何IP地址开始工作。
相反,它只应在请求来自指定域名
时才有效nginx设置如下,
server {
listen 8080;
server_name example.com:8080;
ssl on;
ssl_certificate /etc/ssl/cacert.pem;
ssl_certificate_key /etc/ssl/privatekey.pem;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
server_tokens off;
index index.html;
include mime.types;
location / {
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" "https://example.com";
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" "https://example.com";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass http://127.0.0.1:8080/;
}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}