dockerized Nginx 中有一个 Angular 应用程序。Nginx 配置为 https 模式,并带有受信任的 SSL 证书。Nginx
配置如下:
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format trace '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
server_name www.example.com;
ssl_certificate /etc/ssl/example.crt;
ssl_certificate_key /etc/ssl/example.key;
listen *:80;
listen *:443 ssl spdy;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl spdy ipv6only=on;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
listen *:80;
listen [::]:80;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
listen *:443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /etc/ssl/example.crt;
ssl_certificate_key /etc/ssl/example.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 70;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
}
当 Angular 应用向后端发送 rest 请求时,例如 POSThttps://用户服务/api/update/testuser,我在开发工具中看到下一个请求 URL:POSThttps://example.com/user-service/api/update/testuser并在响应中获取 405 HTTP 代码。
当 Nginx 配置为仅 HTTP 模式并且开发工具中的请求 URL 与 Angular 应用程序中定义的相同(例如 POST)时,不会观察到此类问题http://用户服务/api/update/testuser.
也许这个行为与安全策略有某种关系,但我在Nginx文档中没有找到任何设置和说明。
附加信息:
一个内部 docker 网络中有多个 dockerized 服务,其中包括前面提到的带有 Angular 应用程序的 Nginx。并且只有 Nginx 有开放端口(端口映射)。所有其他服务都应与外界关闭,因此,不考虑代理请求的选项。