Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to use nginx to solve cookie cross-domain access. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

First, write in front

Recently, the project of four servers on Ali Cloud needs to be migrated to a new project provided by customers, and the first-level domain name and second-level domain name are used in the original four servers. Such as aaa.abc.com and bbb.abc.com and ccc.abc.com. Where aaa.abc.com logs in, by setDomain the information in cookie to .abc.com. This cookie can be shared by other systems. But there are no domain names applied for in the new four servers, only four ip:

192.168.0.1 single sign-on server

192.168.0.2

192.168.0.3

192.168.0.4

Because each server has two projects, both use single sign-on, so it takes too much time to modify the new shared login method, so search for cross-domain login of cookie on the Internet and try to give setDomain to servers 2, 3 and 4 respectively in 192.168.0.1 single sign-on server. The result is not ideal because the browser does not allow it. Then I stumbled upon that nginx could share cookie in a deceptive way. So think of the original company deployment of nginx and this layer of usage.

Second, the original nginx configuration

First of all, let's talk about the installation of nginx. There are many tutorials on this website. I will not repeat them, but I will refer to installing and starting nginx in Linux. It is important to note that for the various with after. / configure, I encountered some problems in the configuration startup process:

Nginx: [emerg] unknown directive "aio" in

Plus-- with-file-aio

The copy code is as follows:

Starting nginx: nginx: [emerg] the INET6 sockets are not supported on this platform in "[:]: 80" of the

Add-- with-ipv6 to the end.

After the installation is complete. Mainly the configuration of nginx.conf

The configuration nginx.conf of the original server:

# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user root;worker_processes 2 on workerships cputbacks 1000 0100 on errorships log logs/error.log;pid logs/nginx.pid;events {worker_connections 2048 } http {log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"'"$http_user_agent"$http_x_forwarded_for"; access_log logs/access.log main; gzip on; gzip_min_length 1000; gzip_buffers 48k; gzip_types text/plain application/javascript application/x-javascript text/css application/xml Client_max_body_size 8M; client_body_buffer_size 128k; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include mime.types; default_type application/octet-stream; connection_pool_size 512; aio on; open_file_cache max=1000 inactive=20s; # Load modular configuration files from the / etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # the nginx.conf configuration is all the same include / usr/local/nginx/conf/conf.d/*.conf; server {listen 80 default_server; listen [::]: 80 ipv6only=on default_server; server_name _; root html; # Load configuration files for the default server block. Include / usr/local/nginx/conf/default.d/*.conf; location / {} error_page 404 / 404.html; location = / 40x.html {} error_page 500502503504 / 50x.hml; location = / 50x.html {}}

The original server

The configuration of conf.d/*.conf is reverse-proxy.conf

Server {listen 80; server_name m.abc.com.cn; location / {root / usr/share/nginx/html/; index index.html index.htm;} location ~\. (jsp | do)? ${proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084; } if ($http_user_agent ~ * "qihoobot | Baiduspider | Googlebot | Googlebot-Mobile | Googlebot-Image | Mediapartners-Google | Adsbot-Google | Feedfetcher-Google | Yahoo! Slurp | Yahoo! Slurp China | YoudaoBot | Sosospider | Sogou spider | Sogou web spider | MSNBot | ia_archiver | Tomato Bot ") {return 403;} access_log / home/logs/nginx/m.abc.com.cn_access.log;} server {listen 80; server_name store.abc.com.cn * .store.abc.com.cn; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081;} access_log / home/logs/nginx/store.abc.com.cn_access.log;} server {listen 80; server_name shopcenter.abc.com.cn; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.222:8082;} access_log / home/logs/nginx/shopcenter.abc.com.cn_access.log;} server {listen 80; server_name search.abc.com.cn; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.45.100.68:8083;} access_log / home/logs/nginx/search.abc.com.cn_access.log;}

After the above configuration, after nginx starts, you can access different servers by accessing different domain names. And because they all have a secondary domain name, .abc.com.cn. So you can share cookie.

The file structure of nginx is:

III. Modified nginx configuration

Mainly because the reverse-proxy.conf is different.

Server {listen 9998; server_name 192.168.0.1 location 9998; location / servlets/ {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088;} location / {root / usr/local/nginx/html/web/ Index index.html index.htm;} location ~\. (jsp | do)? ${proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.1:8088; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade Proxy_set_header Connection "upgrade"; proxy_read_timeout 700s;} if ($http_user_agent ~ * "qihoobot | Baiduspider | Googlebot | Googlebot-Mobile | Googlebot-Image | Mediapartners-Google | Adsbot-Google | Feedfetcher-Google | Yahoo! Slurp | Yahoo! Slurp China | YoudaoBot | Sosospider | Sogou spider | Sogou web spider | MSNBot | ia_archiver | Tomato Bot ") {return 403;} access_log / usr/local/nginx/logs/www.abc.com.cn_access.log;} server {listen 9994; server_name 192.168.0.1 location 9994; location / {proxy_redirect off; root / usr/local/nginx/html/weixin/; index index.html index.htm;} location. (jsp | do)? ${proxy_redirect off Proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8084;} if ($http_user_agent ~ * "qihoobot | Baiduspider | Googlebot | Googlebot-Mobile | Googlebot-Image | Mediapartners-Google | Adsbot-Google | Feedfetcher-Google | Yahoo! Slurp | Yahoo! Slurp China | YoudaoBot | Sosospider | Sogou spider | Sogou web spider | MSNBot | ia_archiver | Tomato Bot ") {return 403;} access_log / usr/local/nginx/logs/m.abc.com.cn_access.log;} server {listen 9990; server_name store.abc.com.cn * .store.abc.com.cn; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8081;} access_log / usr/local/nginx/logs/store.abc.com.cn_access.log;} server {listen 9992; server_name 192.168.0.1 proxy_add_x_forwarded_for; proxy_pass 9992; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.2:8082;} access_log / usr/local/nginx/logs/shopcenter.abc.com.cn_access.log;} server {listen 9993; server_name 192.168.0.1 proxy_add_x_forwarded_for; proxy_pass 9993; location / {proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.0.3:8083;} access_log / usr/local/nginx/logs/search.abc.com.cn_access.log;} the above is how to use nginx to solve cookie cross-domain access. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.