nginx作为反向代理会丢失Cookie

时间:2020-07-05 08:24:04

标签: asp.net-core nginx cookies reverse-proxy

我正在尝试将Nginx设置为Web应用程序的反向代理。 方案:

    服务器主机上的
  1. nginx接收请求并将其传输到另一个主机
  2. nginx用作HTTPS(全球使用的通配符证书),Web应用程序用作HTTP
  3. 在这个阶段,我不需要nginx缓存(至少在试图弄清楚如何使其工作时)
  4. nginx将所有HTTP流量重定向到HTTPS
  5. nginx阻止无主机请求

这是一个配置:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    ssl_certificate             ./certs/my_domain.crt;
    ssl_certificate_key         ./certs/my_domain.key;
    ssl_prefer_server_ciphers   on;
    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         10m;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    server {
        listen  80;
        return  444;
    }

    server {
        listen      80;
        server_name my_domain.com www.my_domain.com *.my_domain.com;
        return      301 https://$host$request_uri;
    }

    server {
        listen      443 ssl;
        server_name my_domain.com;

        location / {
            root    html;
            index   index.html index.htm;
        }
    }

    server {
        listen      443 ssl;
        server_name expert.my_domain.com;

        location / {
            proxy_pass          http://192.168.0.83:50000;
            proxy_http_version  1.1;
            proxy_set_header    Upgrade $http_upgrade;
            proxy_set_header    Connection keep-alive;
            proxy_set_header    Host $host;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;
        }
    }
}

在查看nginx文档时,我注意到必须显式打开缓存(默认情况下,proxy_cache关闭)。但是我不确定是否需要采取其他措施将其完全关闭。

序列:

  1. 通过nginx登录到Web应用
  2. 授权并获取Cookie
  3. 使用应用打开第二个标签
  4. 从步骤(2)中获取cookie
  5. 刷新页面
  6. 松散cookie(??)

这是步骤(3)之后的结果:

Request Method: GET
Request Scheme: https
Request Path: /
Request Headers:
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,ky;q=0.6
Cookie: .AspNetCore.Identity.Application=*** LONG ASP NET CORE IDENTITY COOKIE ***
Host: expert.my_domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Upgrade-Insecure-Requests: 1
X-Original-Proto: http
X-Real-IP: 192.168.0.83
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
X-Original-For: [::ffff:192.168.0.12]:54035

其中有cookie和其他东西。 简单刷新后的外观如下:

Request Method: GET
Request Scheme: https
Request Path: /
Request Headers:
Cache-Control: max-age=0
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,ky;q=0.6
Host: expert.my_domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Upgrade-Insecure-Requests: 1
X-Original-Proto: http
X-Real-IP: 192.168.0.83
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
X-Original-For: [::ffff:192.168.0.12]:54038

请注意缺少cookie部分。

我相信这与缓存有关。似乎在另一个标签页中打开页面后,浏览器(在本例中为Chrome)向我显示了存在cookie的缓存版本。不确定是谁缓存了-nginx或chrome。然后飞快地消失了。

为什么我认为这是nginx的问题?直接在应用程序中执行相同操作时,不会出现任何问题。它完全可以正常工作。

这里可能缺少什么?是否涉及缓存问题?如何完全禁用Nginx的缓存?

0 个答案:

没有答案
相关问题
最新问题