我想向中国用户公开我的 API v1.2(及其文档)。父站点mysite.mycompany.com
对他们来说是屏蔽的,但1.2.3.4
实际上并非如此,因此我在该地址构建了一个反向代理,他们可以使用该代理访问我的服务。
我已经配置了 Nginx 来反向http://mysite.mycompany.com
代理http://1.2.3.4
该代理在 Firefox 和 IE 中运行良好,但在 Chrome 中却不行。登录使用 cookie 进行管理,但 Chrome 会忽略代理在登录期间发送的 Set-Cookie 标头,我不明白为什么。这会阻止 Chrome 用户登录。
父站点对登录请求的响应标头(其中 Set-Cookie 成功且登录成功)为
HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Tue, 12 Aug 2014 18:16:57 GMT
ETag: "1407867417"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 12 Aug 2014 18:16:57 +0000
Location: http://mysite.mycompany.com/user/me/apps
Server: Apache
X-Powered-By: PHP/5.3.15
Content-Length: 0
Connection: Keep-Alive
Set-Cookie: SESS25fe1d0b3b7239f403e22223da0614cf=Oo-PXr4XYQCFUKYUyZgX3UJpWADAhF_q7Xf-8gko3BU; expires=Thu, 04-Sep-2014 21:50:17 GMT; path=/; domain=.mysite.mycompany.com; HttpOnly
而代理站点(Set-Cookie失败,登录不成功)有以下响应头:
HTTP/1.1 302 Found
Server: nginx/1.4.7
Date: Tue, 12 Aug 2014 18:57:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Location: http://1.2.3.4/user/me/apps
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1407869862"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 12 Aug 2014 18:57:42 +0000
X-Powered-By: PHP/5.3.15
Connection: Keep-Alive
Set-Cookie: SESS25fe1d0b3b7239f403e22223da0614cf=DrY_4Y1NUPdIv9MsXPMjCr7Bzkq7DjyOmQPcNhetKXU; expires=Thu, 04-Sep-2014 22:31:02 GMT; path=/; domain=.1.2.3.4; HttpOnly
我的 nginx 配置中有趣的部分是
http {
# Ngnix defaults up to here then
proxy_cache_path /var/spool/nginx keys_zone=CACHE:20m levels=1:2 inactive=6h max_size=1g;
server {
listen 80;
location /v1.2/ {
proxy_pass http://api.mysite.mycompany.com/v1.2/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-HOST $host;
}
location / {
proxy_pass http://mysite.mycompany.com;
# Required to prevent the host serving gzipped pages that can't be modified with sub_filter
proxy_set_header Accept-Encoding '';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-HOST $host;
proxy_cookie_domain mysite.mycompany.com 1.2.3.4;
sub_filter "mysite.mycompany.com" "1.2.3.4";
sub_filter_once off;
proxy_cache CACHE;
}
}
}
我已尝试关闭缓存元素,但似乎没有任何改变。
您是否知道为什么 Chrome 可能拒绝设置代理的 cookie?
答案1
事实证明这不是 nginx 配置的问题——很好。
问题在于 Chrome 只允许设置来自完全合格域名的 cookie,而不允许设置来自 IP 地址的 cookie
https://code.google.com/p/chromium/issues/detail?id=56211
我购买了一个域名,将它应用到我的服务器上,它就成功了。它需要对 nginx 配置进行一项更改,这是我原本应该做的,即替换这两行
proxy_cookie_domain mysite.mycompany.com $host;
sub_filter "mysite.mycompany.com" $host;