我正在使用nginx后面的nodejs应用程序。此应用程序提供受保护的图我使用nodejs对用户进行身份验证,然后向内部位置发出x-accel-redirect以提供图像。这部分工作正常。
客户请求路由/auth/images/products/XYZ.jpg Nodejs收到此请求,检查授权,然后将x-accel-redirect标头传递给内部路由/images/products/XYZ.jpg,然后nginx将服务。
什么是行不通的是我希望nginx根据etag比较发出304响应。我得到的只有200条回复。
我的nginx配置如下。请让我知道我可能需要更改以获得正确的304响应。提前谢谢。
# set up upstream nodejs server
upstream nodejs {
server 127.0.0.1:4000;
keepalive 8;
}
# forward http to https
server {
listen 80 default_server; # default handler for this port
server_name domain.com;
#access_log /home/nodejs/logs/nginx.log;
#error_log /home/nodejs/logs/nginx_error.log;
return 301 https://$server_name$request_uri;
}
# main server
server {
listen 443 default_server; # default handler for this port
server_name domain.com;
# security settings
ssl on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!3DES:!aDSS:!aNULL:!kPSK:!kSRP:!MD5:@STRENGTH:+SHA1:+kRSA;
ssl_session_cache shared:TLSSL:16m;
ssl_session_timeout 10m;
ssl_certificate /home/nodejs/project/ssl/dsa_bundle.crt;
ssl_certificate_key /home/nodejs/project/ssl/dsa.key;
ssl_stapling on; # selfsigned=off
ssl_stapling_verify on; # selfsigned=off
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
# other config
charset UTF-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# use sendfile when possible
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# timeouts
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 5;
send_timeout 10;
#buffers
client_body_buffer_size 100K;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 2 1k;
#compression
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_buffers 10240 32k;
gzip_comp_level 4;
gzip_proxied any;
gzip_types text/plain text/css text/x-component
text/xml application/xml application/xhtml+xml application/json
application/atom+xml
text/javascript application/javascript application/x-javascript
application/rtf application/msword
application/vnd.ms-powerpoint application/vnd.ms-excel
application/vnd.ms-fontobject application/vnd.wap.wml
application/x-font-ttf application/x-font-opentype;
# logging
access_log /home/nodejs/logs/nginx.log;
error_log /home/nodejs/logs/nginx_error.log;
location ~ ^\/images\/products\/(.*)\.jpg$ {
root /home/nodejs/project/private;
try_files $uri /images/products/Coming_Soon.jpg =404;
#error_page 404 /images/products/Coming_Soon_sm.png;
error_log /dev/null crit;
access_log on;
etag on;
add_header Etag $upstream_http_etag;
expires 24h;
add_header Pragma "public";
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
internal;
}
# unprotected static content
location ~ ^/(admin/assets/|admin/includes/|admin/js/|images/|fonts/|css/|img/|js/|lib/|views/) {
root /home/nodejs/project/public;
# error_page 404 /something_here??.png;
access_log off;
expires 24h;
add_header Pragma "public";
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# Set up node gateway for maintenance
location / {
# if maintenance page exists use that first
root /home/nodejs/project/public;
try_files /maintenance.html @proxy;
access_log on;
}
# set up node proxy
location @proxy {
proxy_pass http://nodejs; # can work with http internally. It's faster
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;
access_log on;
}
}
答案 0 :(得分:0)
您的nodejs应用程序需要返回Status: 304 Not Modified
标头,然后Nginx会为您返回。