From a73cb9dab88591b09e2a96244d2ed1e78762e997 Mon Sep 17 00:00:00 2001 From: zjcqoo Date: Mon, 15 Jul 2019 20:20:24 +0800 Subject: [PATCH] update --- api.conf | 36 ++++++++++++++++++++++++++---------- i.sh | 2 +- lua/http-enc-res-hdr.lua | 18 ++++++++++++++---- nginx.conf | 7 +++++-- upload.sh | 5 +++-- www/.gitignore | 3 +-- 6 files changed, 50 insertions(+), 21 deletions(-) diff --git a/api.conf b/api.conf index 66aeae8..5a261e3 100644 --- a/api.conf +++ b/api.conf @@ -1,12 +1,3 @@ -if ($_origin_id = '') { - return 403 'ERROR: origin `$http_origin` is not allowed'; -} -if ($http_x_jsproxy) { - return 500 'ERROR: circular dependency'; -} -proxy_set_header x-jsproxy 1; -proxy_set_header Connection $http_connection; - set $_level ''; set $_switched ''; set $_url ''; @@ -16,6 +7,20 @@ set $_type ''; set $_mode ''; set $_bodyhash ''; +error_page 500 502 504 /error; + +location = /error { + internal; + access_log off; + more_set_headers + 'access-control-allow-origin: *' + 'access-control-expose-headers: gateway-err--' + 'gateway-err--: {"msg": "$arg_msg", "addr": "$upstream_addr"}' + ; + return 200; +} + + location = /preflight { internal; access_log off; @@ -31,8 +36,19 @@ location = /preflight { # HTTP(S) Proxy location = /http { + # see ./allowed-sites.conf + if ($_origin_id = '') { + rewrite ^ /error?msg=ORIGIN_NOT_ALLOWED; + } + if ($http_x_jsproxy) { + rewrite ^ /error?msg=CIRCULAR_DEPENDENCY; + } + proxy_set_header x-jsproxy 1; + proxy_set_header Connection $http_connection; + + if ($http_access_control_request_headers) { - rewrite ^ /preflight; + rewrite ^ /preflight; } access_by_lua_file ../lua/http-dec-req-hdr.lua; diff --git a/i.sh b/i.sh index 44cc0ad..68c50a7 100755 --- a/i.sh +++ b/i.sh @@ -57,7 +57,7 @@ gen_cert() { ip=$(curl -s $i) if [[ ! $ip ]]; then - warn "获取失败" + warn "获取失败" continue fi diff --git a/lua/http-enc-res-hdr.lua b/lua/http-enc-res-hdr.lua index 9913e51..bfc4fe0 100644 --- a/lua/http-enc-res-hdr.lua +++ b/lua/http-enc-res-hdr.lua @@ -23,17 +23,27 @@ end local function flushHdr() if detail then - expose = expose .. ',--s' + if status ~= 200 then + expose = expose .. ',--s' + end -- 该字段不在 aceh 中,如果浏览器能读取到,说明支持 * 通配 ngx.header['--t'] = '1' end - local status = ngx.status - ngx.header['access-control-expose-headers'] = expose ngx.header['access-control-allow-origin'] = '*' ngx.header['vary'] = vary - ngx.header['--s'] = status + + local status = ngx.status + + -- 前端优先使用该字段作为状态码 + if status ~= 200 then + ngx.header['--s'] = status + end + + -- 保留原始状态码,便于控制台调试 + -- 例如 404 显示红色,如果统一设置成 200 则没有颜色区分 + -- 需要转义 30X 重定向,否则不符合 cors 标准 if status == 301 or status == 302 or diff --git a/nginx.conf b/nginx.conf index 37a6d2e..27c1987 100644 --- a/nginx.conf +++ b/nginx.conf @@ -35,7 +35,7 @@ http { proxy_cache_path cache levels=1:2 keys_zone=my_cache:32m - max_size=20g + max_size=16g inactive=6h use_temp_path=off ; @@ -45,7 +45,10 @@ http { proxy_buffer_size 16k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; - proxy_send_timeout 10s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + proxy_connect_timeout 10s; + proxy_ssl_verify on; lua_load_resty_core off; diff --git a/upload.sh b/upload.sh index a8b694d..bcaf293 100755 --- a/upload.sh +++ b/upload.sh @@ -4,8 +4,9 @@ HOST=etherdream.com NODE=( aliyun-hk-0 - aliyun-hk-2 - aliyun-hk-3 + aliyun-hk-1 + # aliyun-hk-2 + # aliyun-hk-3 aliyun-hk-4 aliyun-sg ) diff --git a/www/.gitignore b/www/.gitignore index 02c52c7..c4176d2 100644 --- a/www/.gitignore +++ b/www/.gitignore @@ -1,3 +1,2 @@ * -!README.md -!.gitignore \ No newline at end of file +!README.md \ No newline at end of file