|
|
@@ -1,7 +1,6 @@
|
|
|
server {
|
|
|
listen 80;
|
|
|
listen [::]:80;
|
|
|
- # ========== 重点修改1:把 localhost 改成你的前端域名 ==========
|
|
|
server_name bmsm27.kptyun.com;
|
|
|
|
|
|
gzip on;
|
|
|
@@ -9,41 +8,48 @@ server {
|
|
|
gzip_comp_level 6;
|
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
|
|
+ # 前端静态资源配置
|
|
|
location / {
|
|
|
root /usr/share/nginx/html;
|
|
|
try_files $uri $uri/ /index.html;
|
|
|
client_max_body_size 300m;
|
|
|
client_body_timeout 20s;
|
|
|
+ # 静态资源缓存控制
|
|
|
+ add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
|
+ add_header Pragma no-cache;
|
|
|
+ add_header Expires 0;
|
|
|
}
|
|
|
|
|
|
- # ========== 核心新增:后端接口代理转发规则(解决跨域的关键,必加) ==========
|
|
|
- # 匹配你的后端所有接口,比如 /auth /api /xxx 等全部走这个代理
|
|
|
- location ^~ /auth {
|
|
|
- # 代理转发到你的后端真实接口地址
|
|
|
- proxy_pass http://bmsm278082.kptyun.com/auth;
|
|
|
- # 下面是代理必备的请求头,缺一不可,解决跨域+接口正常通信
|
|
|
- proxy_set_header Host $host;
|
|
|
+ # 核心:适配 frp 转发的跨域代理配置
|
|
|
+ location ~* ^/(auth|api)/ {
|
|
|
+ # 转发到后端真实接口
|
|
|
+ proxy_pass http://bmsm278082.kptyun.com$request_uri;
|
|
|
+ # 保留真实请求信息,适配 frp 转发
|
|
|
+ proxy_set_header Host $http_host;
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
- proxy_connect_timeout 60s;
|
|
|
- proxy_read_timeout 60s;
|
|
|
- # 解决预检OPTIONS请求跨域
|
|
|
- add_header Access-Control-Allow-Origin *;
|
|
|
- add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';
|
|
|
- add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
|
|
|
+ proxy_set_header Origin $http_origin; # 关键:保留请求源
|
|
|
+
|
|
|
+ # 超时配置,防止 frp 转发超时
|
|
|
+ proxy_connect_timeout 120s;
|
|
|
+ proxy_read_timeout 120s;
|
|
|
+ proxy_send_timeout 120s;
|
|
|
+
|
|
|
+ # ========== 跨域核心配置(适配 frp 转发,永不丢失跨域头) ==========
|
|
|
+ add_header Access-Control-Allow-Origin $http_origin always;
|
|
|
+ add_header Access-Control-Allow-Credentials true always;
|
|
|
+ add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE, PATCH' always;
|
|
|
+ add_header Access-Control-Allow-Headers 'Authorization, Content-Type, Token, X-Requested-With, Accept, Origin' always;
|
|
|
+ add_header Access-Control-Expose-Headers 'Content-Length, Content-Type' always;
|
|
|
+
|
|
|
+ # 直接处理 OPTIONS 预检请求,不转发到后端(关键优化)
|
|
|
if ($request_method = 'OPTIONS') {
|
|
|
return 204;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- # 【可选】如果你的后端还有其他接口,比如 /api/** ,就加这个规则,格式和上面一致
|
|
|
- # location ^~ /api {
|
|
|
- # proxy_pass http://bmsm278082.kptyun.com/api;
|
|
|
- # proxy_set_header Host $host;
|
|
|
- # proxy_set_header X-Real-IP $remote_addr;
|
|
|
- # }
|
|
|
-
|
|
|
+ # 错误页面配置
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
location = /50x.html {
|
|
|
root /usr/share/nginx/html;
|
