跨域配置
跨域可以通过配置nginx的方案解决,配置后通过 http://ip:3030/rest 访问。
跨域配置
在 Nginx 中配置跨域资源共享(CORS,Cross-Origin Resource Sharing)允许不同来源的客户端访问你的资源。通过正确配置 HTTP 响应头,Nginx 可以让浏览器允许跨域请求。以下是配置跨域的几种常见方案:
nginx.conf 文件所在位置: app/airiot/web/nginx.conf 。
跨域配置,在一些环境实践,可以只配置 OPTIONS 部分:
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
1. 单项目版本参考
可以在 nginx.conf 中添加如下配置:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 100000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 8;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
fastcgi_intercept_errors on;
proxy_intercept_errors on;
server_tokens off;
server {
listen 80;
server_name localhost;
keepalive_timeout 180;
client_header_timeout 180;
client_body_timeout 180;
client_max_body_size 10240M;
client_header_buffer_size 512k;
large_client_header_buffers 4 512k;
charset utf-8;
error_page 404 /404.html;
location /404.html {
root /usr/share/nginx/html;
try_files $uri /404.html;
}
location /404 {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/front/404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /rest/front {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/front;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /rest/static {
alias /usr/share/nginx/html/static/;
}
location /rest/ {
set $http_method $request_method;
if ($http_x_request_http_method = "DELETE") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PUT") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PATCH") {
set $http_method $http_x_request_http_method;
}
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection 1;
add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
add_header Referrer-Policy value;
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options value;
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security value;
proxy_method $http_method;
proxy_pass http://traefik:80/;
proxy_read_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
error_page 404 /404;
}
location /ws {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/core/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
#try_files $uri /index.html;
try_files $uri /rest/front/static/index;
}
location /admin {
root /usr/share/nginx/html;
index index.html index.htm;
#try_files $uri /index.html;
try_files $uri /rest/front/static/admin;
}
location ~ /ISAPI|SDK/ {
if ($http_cookie ~ "webVideoCtrlProxy=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxy;
break;
}
}
location ^~ /webSocketVideoCtrlProxy {
#web socket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
if ($http_cookie ~ "webVideoCtrlProxyWs=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxyWs/$cookie_webVideoCtrlProxyWsChannel?$args;
break;
}
if ($http_cookie ~ "webVideoCtrlProxyWss=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxyWss/$cookie_webVideoCtrlProxyWsChannel?$args;
break;
}
}
location /video/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
error_page 404 /404;
}
location /ws/lsp/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
error_page 404 /404;
}
}
}
2. 空间版本参考
可以在 nginx.conf 中添加如下配置:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 100000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $proxy_add_x_forwarded_for- $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 8;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
fastcgi_intercept_errors on;
proxy_intercept_errors on;
server_tokens off;
server {
listen 80;
server_name localhost;
keepalive_timeout 180;
client_header_timeout 180;
client_body_timeout 180;
client_max_body_size 10240M;
client_header_buffer_size 512k;
large_client_header_buffers 4 512k;
charset utf-8;
error_page 404 /404.html;
location /404.html {
root /usr/share/nginx/html;
try_files $uri /404.html;
}
location /404 {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/front/404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /portal/ {
alias /usr/share/nginx/portal/;
index index.html index.htm;
try_files $uri /index.html;
}
location /rest/front {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/front;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /rest/static {
alias /usr/share/nginx/html/static/;
}
location /portal/rest/ {
set $http_method $request_method;
if ($http_x_request_http_method = "DELETE") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PUT") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PATCH") {
set $http_method $http_x_request_http_method;
}
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection 1;
add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
add_header Referrer-Policy value;
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options value;
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security value;
proxy_method $http_method;
proxy_pass http://traefik:80/;
proxy_read_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
error_page 404 /404;
}
location /rest/ {
set $http_method $request_method;
if ($http_x_request_http_method = "DELETE") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PUT") {
set $http_method $http_x_request_http_method;
}
if ($http_x_request_http_method = "PATCH") {
set $http_method $http_x_request_http_method;
}
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection 1;
add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
add_header Referrer-Policy value;
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options value;
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security value;
proxy_method $http_method;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/;
proxy_read_timeout 300;
# proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
error_page 404 /404;
}
location /ws {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/core/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location = / {
rewrite ^/(.*) portal/index.html redirect;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
#try_files $uri /index.html;
try_files $uri /rest/front/static/index;
}
location = /admin {
return 404;
}
location /admin {
root /usr/share/nginx/html;
index index.html index.htm;
#try_files $uri /index.html;
try_files $uri /rest/front/static/admin;
}
location ~ /ISAPI|SDK/ {
if ($http_cookie ~ "webVideoCtrlProxy=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxy;
break;
}
}
location ^~ /webSocketVideoCtrlProxy {
#web socket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
if ($http_cookie ~ "webVideoCtrlProxyWs=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxyWs/$cookie_webVideoCtrlProxyWsChannel?$args;
break;
}
if ($http_cookie ~ "webVideoCtrlProxyWss=(.+)") {
proxy_pass http://$cookie_webVideoCtrlProxyWss/$cookie_webVideoCtrlProxyWsChannel?$args;
break;
}
}
location /video/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
error_page 404 /404;
}
location /ws/lsp/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Origin, *' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
# 添加 CORS 头,确保只设置一次
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Origin, *';
add_header 'Access-Control-Allow-Credentials' 'true';
return 204;
}
proxy_pass http://traefik:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
error_page 404 /404;
}
}
include ./webCfg/*.conf;
}
通过这些配置,你可以在 Nginx 中灵活地设置跨域访问规则,确保你的应用能够处理不同来源的请求。