我在 nginx 后面使用 Nodejs 应用程序。该应用程序提供 protected 图像。我使用 nodejs 对用户进行身份验证,然后向内部位置发出 x-accel-redirect 来提供图像。这部分工作正常。
客户端请求路由/auth/images/products/XYZ.jpg Nodejs 接收此请求,检查授权,然后将 x-accel-redirect header 传递到内部路由/images/products/XYZ.jpg,然后由 nginx 提供服务。
不起作用的是我希望 nginx 根据 etag 比较发出 304 响应。我收到的只有 200 条回复。
我的 nginx 配置如下。请让我知道我可能需要更改哪些内容才能获得正确的 304 响应。提前致谢。
# set up upstream nodejs server
upstream nodejs {
server 127.0.0.1:4000;
keepalive 8;
}
# forward http to https
server {
listen 80 default_server; # default handler for this port
server_name domain.com;
#access_log /home/nodejs/logs/nginx.log;
#error_log /home/nodejs/logs/nginx_error.log;
return 301 https://$server_name$request_uri;
}
# main server
server {
listen 443 default_server; # default handler for this port
server_name domain.com;
# security settings
ssl on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!3DES:!aDSS:!aNULL:!kPSK:!kSRP:!MD5:@STRENGTH:+SHA1:+kRSA;
ssl_session_cache shared:TLSSL:16m;
ssl_session_timeout 10m;
ssl_certificate /home/nodejs/project/ssl/dsa_bundle.crt;
ssl_certificate_key /home/nodejs/project/ssl/dsa.key;
ssl_stapling on; # selfsigned=off
ssl_stapling_verify on; # selfsigned=off
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
# other config
charset UTF-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# use sendfile when possible
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# timeouts
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 5;
send_timeout 10;
#buffers
client_body_buffer_size 100K;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 2 1k;
#compression
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_buffers 10240 32k;
gzip_comp_level 4;
gzip_proxied any;
gzip_types text/plain text/css text/x-component
text/xml application/xml application/xhtml+xml application/json
application/atom+xml
text/javascript application/javascript application/x-javascript
application/rtf application/msword
application/vnd.ms-powerpoint application/vnd.ms-excel
application/vnd.ms-fontobject application/vnd.wap.wml
application/x-font-ttf application/x-font-opentype;
# logging
access_log /home/nodejs/logs/nginx.log;
error_log /home/nodejs/logs/nginx_error.log;
location ~ ^\/images\/products\/(.*)\.jpg$ {
root /home/nodejs/project/private;
try_files $uri /images/products/Coming_Soon.jpg =404;
#error_page 404 /images/products/Coming_Soon_sm.png;
error_log /dev/null crit;
access_log on;
etag on;
add_header Etag $upstream_http_etag;
expires 24h;
add_header Pragma "public";
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
internal;
}
# unprotected static content
location ~ ^/(admin/assets/|admin/includes/|admin/js/|images/|fonts/|css/|img/|js/|lib/|views/) {
root /home/nodejs/project/public;
# error_page 404 /something_here??.png;
access_log off;
expires 24h;
add_header Pragma "public";
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# Set up node gateway for maintenance
location / {
# if maintenance page exists use that first
root /home/nodejs/project/public;
try_files /maintenance.html @proxy;
access_log on;
}
# set up node proxy
location @proxy {
proxy_pass http://nodejs; # can work with http internally. It's faster
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;
access_log on;
}
}
最佳答案
您的nodejs应用程序需要返回Status: 304 Not Modified header ,然后Nginx将为您返回它。
关于node.js - nginx x-accel-redirect 与 304 响应的 etag 比较,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29132146/