我正在尝试创建一个可以从远程站点加载图像的代理。这样做的原因是,即使 URL 不安全(这会破坏我们的 SSL 徽章),也可以在我们这边加载安全内容。
基本上,如果我要求https://proxy.app.com/?url=http://www.google.lt/images/nav_logo242_hr.png
它会通过安全连接将图像发送回给我们的用户。
到目前为止我已经想到了:
server {
listen 80;
listen 443 ssl;
server_name proxy.app.com;
charset utf-8;
location /?url=(.*) {
proxy_pass $1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
}
但它返回默认的 Nginx 页面。我做错了什么?这可能吗?我不想为此使用服务器端语言。
答案1
好的,我明白了。
我最终得到:
server {
listen 80;
listen 443 ssl;
server_name proxy.example.com;
charset utf-8;
location @error {
return 404;
}
location / {
# only allow GET requests
if ($request_method != GET) {
return 404;
}
# do not allow empty urls
if ($arg_uri = "") {
return 404;
}
# do not allow non-app request origin
valid_referers none blocked *.example.com;
if ($invalid_referer) {
return 403;
}
resolver 8.8.8.8;
proxy_intercept_errors on;
proxy_pass $arg_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 500 = @error;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
sendfile off;
client_max_body_size 100m;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
}