对于我的身份验证服务器...这可行。我喜欢为自己的人性化可读性提供/ auth选项...或者我也可以通过端口/上游为机器对机器配置它。
。
在conf开头
upstream auth {
server 127.0.0.1:9011 weight=1 fail_timeout=300s;
keepalive 16;
}
在我的443服务器块中
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
location /auth {
proxy_pass http://$http_host:9011;
proxy_set_header Origin http://$host;
proxy_set_header Host $http_host:9011;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
在conf的底部
server {
listen 9001 ssl;
ssl_certificate /etc/letsencrypt/live/allineed.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/allineed.app/privkey.pem;
include snippets/exclusions.conf;
include snippets/security.conf;
include snippets/ssl.conf;
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
location ~ / {
proxy_pass http://auth;
proxy_set_header Origin http://$host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
}
proxy_pass
指令末尾的斜杠。http://my_app_upstream
vshttp://my_app_upstream/