ini boxen / brew nginx开发配置w / fastcgi php-fpm

boxen / brew nginx开发配置w / fastcgi php-fpm

vhosts.conf
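# Development catch-all vhost: <project>.dev is served from /work/<project>,
# or from its www/, site/ or app/ subdirectory when one exists (the last
# matching check wins).
server {
  set $work_folder /work;
  # Listens on every interface. On a workstation-only setup, 127.0.0.1:80
  # keeps the dev sites unreachable from the rest of the network.
  listen 80;
  index index.php index.html index.htm;

  # The project name comes from the client-supplied Host header and ends up in
  # filesystem paths, so it is limited to hostname characters. A named capture
  # is used because $1 is overwritten by any later regex match.
  server_name ~^(?<project>[a-z0-9_.-]+)\.dev$;

  # Start empty so that a host without a matching directory is detected below.
  set $path "";
  if (-d $work_folder/$project/) {
    set $path $work_folder/$project;
  }
  if (-d $work_folder/$project/www/) {
    set $path $work_folder/$project/www;
  }
  if (-d $work_folder/$project/site/) {
    set $path $work_folder/$project/site;
  }
  if (-d $work_folder/$project/app/) {
    set $path $work_folder/$project/app;
  }

  # No project directory: answer 404 instead of serving from an empty root.
  if ($path = "") {
    return 404;
  }

  root $path;

  location ~ \.php$ {
    # Refuse scripts that do not exist on disk before they reach PHP-FPM.
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9900;
    fastcgi_index index.php;
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx;
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
  }
}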


ini ZFS-池A-rsync.conf

zfs-poola-rsync.conf
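description "Upstart script to run rsync replication between datasets"
author "Sam Zaydel"

env NODE_BIN=/usr/bin/node
env NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
env APP_DIR=/opt/zfs-poola-rsync/bin
env SCRIPT_FILE="runme.js"   # Entry point for the nodejs app
env LOG_FILE=/var/log/zfs-poola-rsync.log
# Account the app runs under. As shipped this is root, so the su call below
# does not drop any privilege; use a dedicated account if the replication
# can work without root.
env RUN_AS="root"
#env SERVER_ENV="anything"   # Usual apps can be run in different environments (development, test, production ...)
                            # I typically use the environment variable NODE_ENV (see below) 
                            # If not needed simply remove the "NODE_ENV=$SERVER_ENV" below

# Start service on startup, stop on shutdown
start on runlevel [2345]
stop on runlevel [016]

# Respawn in case of a crash, with default parameters
respawn

script
	# Make sure logfile exists and can be written by the user we drop privileges to.
	# The full environment is written to it below, so other users get no read access.
	touch "$LOG_FILE"
	chown "$RUN_AS:$RUN_AS" "$LOG_FILE"
	chmod 0640 "$LOG_FILE"

	# cd rather than chdir: chdir is an Upstart stanza and not a builtin in every /bin/sh
	cd "$APP_DIR"
	echo "===== Begin Current Environment =====" >> "$LOG_FILE"
	env >> "$LOG_FILE"
	echo "=====  End Current Environment  =====" >> "$LOG_FILE"

	# SERVER_ENV is commented out above, so NODE_ENV is empty unless it is enabled
	NODE_ENV=$SERVER_ENV su -s /bin/sh -c 'exec "$0" "$@"' "$RUN_AS" -- "$NODE_BIN" "$SCRIPT_FILE" >> "$LOG_FILE" 2>&1
end script


post-start script
	echo "===== App restarted =====" >> "$LOG_FILE"
end script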

ini 最佳nginx配置,可提高安全性(和性能)。完整的博客文章http://tautt.com/best-nginx-configuration-for-secur

最佳nginx配置,可提高安全性(和性能)。完整的博客文章http://tautt.com/best-nginx-configuration-for-security/

generate-dhparam.sh
# Generates the Diffie-Hellman parameter file that ssl_dhparam in nginx.conf points to.
# Run once in a terminal; 2048 is the size in bits.
DHPARAM_FILE=/etc/nginx/ssl/dhparam.pem
openssl dhparam -out "$DHPARAM_FILE" 2048
nginx.conf
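# read more here http://tautt.com/best-nginx-configuration-for-security/

# The directives above the first server block are http-level. nginx inherits
# add_header from the enclosing level only while the inner level declares no
# add_header of its own, so every response header (HSTS included) is declared
# here once. An add_header placed in a server or location block would replace
# this whole set for that block. "always" also covers error responses.

# don't send the nginx version number in error pages and Server header
server_tokens off;

# allow framing only by pages of the same origin, to limit clickjacking
# http://en.wikipedia.org/wiki/Clickjacking
# use DENY if the site never frames itself; ALLOW-FROM is ignored by current
# browsers, the CSP frame-ancestors directive is its replacement
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN always;

# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently supported in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
add_header X-Content-Type-Options nosniff always;

# Legacy header for the XSS filter that older browsers shipped. Current browsers
# have removed that filter, so the Content-Security-Policy below is the control
# to rely on against script injection.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
add_header X-XSS-Protection "1; mode=block" always;

# with Content Security Policy (CSP) enabled (and a browser that supports it, http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow
# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
# https://www.owasp.org/index.php/Content_Security_Policy
# 'unsafe-inline' and 'unsafe-eval' in script-src give up most of the protection CSP offers against XSS;
# they stay only until the application code no longer needs inline css or js.
# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'" always;

# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
# Declared next to the other headers so that it does not replace them in the
# https server. Browsers ignore it on plain-http responses.
# "includeSubdomains; preload" commits every subdomain to https and is slow to
# undo once the domain is on the preload list; confirm that before deploying.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

# redirect all http traffic to https
# This is the default server and the target uses $host, so the redirect echoes
# whatever Host header the client sent; use a fixed name if that is not wanted.
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name .forgott.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name .forgott.com;

  ssl_certificate /etc/nginx/ssl/star_forgott_com.crt;
  ssl_certificate_key /etc/nginx/ssl/star_forgott_com.key;

  # enable session resumption to improve https performance
  # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;

  # let the server's cipher order decide, not the client's
  ssl_prefer_server_ciphers on;
  # SSLv3, TLS 1.0 and TLS 1.1 are deprecated; add TLSv1.3 when the installed
  # nginx and OpenSSL support it
  ssl_protocols TLSv1.2;
  # forward-secret AEAD suites only: the 3DES and static-RSA entries are gone,
  # at the cost of clients that cannot negotiate ECDHE/DHE with GCM or ChaCha20
  # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

  # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
  # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
  # the resolver is used to look up the CA's OCSP responder
  resolver 8.8.8.8 8.8.4.4;
  ssl_stapling on;
  ssl_stapling_verify on;
  # NOTE(review): verification needs the issuing CA chain in this file; confirm
  # the .crt is a bundle that includes it and not the site certificate alone
  ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt;

  # no add_header in this block on purpose, see the note at the top of the file

  # ... the rest of your configuration
}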

ini 最佳nginx配置,可提高安全性(和性能)。完整的博客文章http://tautt.com/best-nginx-configuration-for-secur

最佳nginx配置,可提高安全性(和性能)。完整的博客文章http://tautt.com/best-nginx-configuration-for-security/

gistfile1.sh
# Generates the Diffie-Hellman parameter file that ssl_dhparam in nginx.conf points to.
# Run once in a terminal; 2048 is the size in bits.
DHPARAM_FILE=/etc/nginx/ssl/dhparam.pem
openssl dhparam -out "$DHPARAM_FILE" 2048
nginx.conf
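# read more here http://tautt.com/best-nginx-configuration-for-security/

# The directives above the first server block are http-level. nginx inherits
# add_header from the enclosing level only while the inner level declares no
# add_header of its own, so every response header (HSTS included) is declared
# here once. An add_header placed in a server or location block would replace
# this whole set for that block. "always" also covers error responses.

# don't send the nginx version number in error pages and Server header
server_tokens off;

# allow framing only by pages of the same origin, to limit clickjacking
# http://en.wikipedia.org/wiki/Clickjacking
# use DENY if the site never frames itself; ALLOW-FROM is ignored by current
# browsers, the CSP frame-ancestors directive is its replacement
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN always;

# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently supported in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
add_header X-Content-Type-Options nosniff always;

# Legacy header for the XSS filter that older browsers shipped. Current browsers
# have removed that filter, so the Content-Security-Policy below is the control
# to rely on against script injection.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
add_header X-XSS-Protection "1; mode=block" always;

# with Content Security Policy (CSP) enabled (and a browser that supports it, http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow
# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
# https://www.owasp.org/index.php/Content_Security_Policy
# 'unsafe-inline' and 'unsafe-eval' in script-src give up most of the protection CSP offers against XSS;
# they stay only until the application code no longer needs inline css or js.
# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'" always;

# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
# Declared next to the other headers so that it does not replace them in the
# https server. Browsers ignore it on plain-http responses.
# "includeSubdomains; preload" commits every subdomain to https and is slow to
# undo once the domain is on the preload list; confirm that before deploying.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

# redirect all http traffic to https
# This is the default server and the target uses $host, so the redirect echoes
# whatever Host header the client sent; use a fixed name if that is not wanted.
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name .forgott.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name .forgott.com;

  ssl_certificate /etc/nginx/ssl/star_forgott_com.crt;
  ssl_certificate_key /etc/nginx/ssl/star_forgott_com.key;

  # enable session resumption to improve https performance
  # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;

  # let the server's cipher order decide, not the client's
  ssl_prefer_server_ciphers on;
  # SSLv3, TLS 1.0 and TLS 1.1 are deprecated; add TLSv1.3 when the installed
  # nginx and OpenSSL support it
  ssl_protocols TLSv1.2;
  # forward-secret AEAD suites only: the 3DES and static-RSA entries are gone,
  # at the cost of clients that cannot negotiate ECDHE/DHE with GCM or ChaCha20
  # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

  # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
  # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
  # the resolver is used to look up the CA's OCSP responder
  resolver 8.8.8.8 8.8.4.4;
  ssl_stapling on;
  ssl_stapling_verify on;
  # NOTE(review): verification needs the issuing CA chain in this file; confirm
  # the .crt is a bundle that includes it and not the site certificate alone
  ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt;

  # no add_header in this block on purpose, see the note at the top of the file

  # ... the rest of your configuration
}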

ini example_nginx_config_wpmulsite.conf

example_nginx_config_wpmulsite.conf
# For URIs of the form /<blog>/files/..., $blogname becomes the leading
# "/<blog>/" segment; no default is given, so it is empty for any other URI.
map $uri $blogname{
    ~^(?P<blogpath>/[^/]+/)files/(.*)   $blogpath ;
}

# Translates the blog path into a numeric blog id. Only the -999 default is
# active here; real entries come from the commented-out nginx-helper map.
map $blogname $blogid{
    default -999;

    #Ref: http://wordpress.org/extend/plugins/nginx-helper/
    #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}

server {
    listen 80;
    server_name example.com ;

    root /var/www/vhosts/example.com/html;
    index index.php;

    # Uploaded files: serve them straight from blogs.dir/<blogid>/files when
    # present, otherwise fall back to WordPress' ms-files.php.
    location ~ ^(/[^/]+/)?files/(.+) {
        try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
        access_log off; log_not_found off; expires max;
    }

    #avoid php readfile()
    # "internal" keeps this location out of reach of direct client requests.
    location ^~ /blogs.dir {
        internal;
        alias /var/www/vhosts/example.com/html/content/uploads ;
        access_log off; log_not_found off; expires max;
    }

    # Only for requests that match no file or directory: strip the blog prefix
    # from wp-* and *.php URIs. The order of these rewrites matters.
    if (!-e $request_filename) {
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite ^(/[^/]+)?(/wp-.*) $2 last;
        rewrite ^(/[^/]+)?(/.*\.php) $2 last;
    }

    location / {
        try_files $uri $uri/ /index.php?$args ;
        index index.php;
    }

    # NOTE(review): every existing .php file under the root is executed here,
    # upload directories included; confirm uploads cannot contain .php files or
    # place a deny rule for those directories ahead of this location.
    # NOTE(review): the FPM socket is in /tmp; confirm its owner and mode limit
    # access to the nginx user.
    location ~ \.php$ {
            # refuse scripts that do not exist on disk before they reach PHP-FPM
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/tmp/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
    }


    #add some rules for static content expiry-headers here
}

ini nginx.conf

unicorn.rb
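# -*- encoding: utf-8 -*-
# Unicorn configuration: six preloaded workers, listening on TCP port 8080 and
# on a unix socket, with zero-downtime restarts handled in before_fork.

root_path = File.expand_path '../', File.dirname(__FILE__)
# Log files
log_file = root_path + '/log/unicorn.log'
err_log  = root_path + '/log/unicorn_error.log'
# PID files
# NOTE(review): /tmp is world-writable and these names are fixed, so another
# local user could create them first; a directory writable only by the service
# account would be safer (scripts that read the pid file must follow).
pid_file = '/tmp/unicorn_padrino.pid'
old_pid = pid_file + '.oldbin'
# Unix socket
socket_file = '/tmp/unicorn_padrino.sock'

worker_processes 6
working_directory root_path
timeout 30
# Listeners
# NOTE(review): port 8080 is given without an address, which presumably binds
# all interfaces and makes the app reachable without a front-end proxy;
# confirm this is intended or bind to 127.0.0.1.
listen 8080, tcp_nopush: false
listen socket_file, backlog: 1024

pid pid_file
stderr_path err_log
stdout_path log_file

preload_app true

# Point Bundler at the app's Gemfile before the master re-executes itself.
before_exec do |server|
  ENV['BUNDLE_GEMFILE'] = root_path + '/Gemfile'
end

# When a new master starts next to an old one, ask the old master to quit.
before_fork do |server, worker|
  # File.exist? replaces File.exists?, which is deprecated and gone in Ruby 3.2
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      Process.kill('QUIT', File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # the old master has already exited or its pid file disappeared
      puts "Send 'QUIT' signal to unicorn error!"
    end
  end
end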
one.sh
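#!/bin/sh
# rvm wrapper ruby-1.9.3-p194 bootup
# Control script for the unicorn master: start, stop (QUIT) and restart (USR2).
UNICORN=/home/innshine/.rvm/bin/bootup_unicorn
CONFIG_FILE=/home/innshine/one/config/unicorn.rb
APP_HOME=/home/innshine/one
PID_FILE=/tmp/unicorn_padrino.pid
# Used in the usage message; the original referenced it without setting it.
SCRIPTNAME=$(basename "$0")

# Print the master PID. Fails when the pid file is missing or does not hold a
# plain number: the file lives in world-writable /tmp, so its content is
# checked before it is handed to kill.
read_pid() {
  if [ ! -f "$PID_FILE" ]; then
    echo "$PID_FILE not found" >&2
    return 1
  fi
  pid=$(cat "$PID_FILE")
  case "$pid" in
    ''|*[!0-9]*)
      echo "$PID_FILE does not contain a PID" >&2
      return 1
      ;;
  esac
  echo "$pid"
}

case "$1" in
  start)
    "$UNICORN" -c "$CONFIG_FILE" -E production -D
    ;;
  stop)
    master=$(read_pid) || exit 1
    kill -QUIT "$master"
    ;;
  restart|force-reload)
    # USR2 makes the master re-execute itself
    master=$(read_pid) || exit 1
    kill -USR2 "$master"
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    exit 3
    ;;
esac

: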
nginx_service
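#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
#              It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up. Quoted so that an unset NETWORKING is compared
# as an empty string instead of breaking the test.
[ "${NETWORKING}" = "no" ] && exit 0
[ -x "$nginxd" ] || exit 0

# Start nginx; refuses to start while the pid file exists.
# Note: a pid file left behind by a crash also blocks the start until removed.
start() {
    if [ -e "$nginx_pid" ]; then
        echo "nginx already running...."
        exit 1
    fi
    echo -n $"Starting $prog: "
    daemon "$nginxd" -c "${nginx_config}"
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
    return $RETVAL
}

# Stop nginx and remove the lock and pid files on success.
stop() {
    echo -n $"Stopping $prog: "
    killproc "$nginxd"
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}

# Reload the nginx configuration by sending HUP.
reload() {
    echo -n $"Reloading $prog: "
    #kill -HUP `cat ${nginx_pid}`
    killproc "$nginxd" -HUP
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
reload)
        reload
        ;;
restart)
        stop
        start
        ;;
status)
        status $prog
        RETVAL=$?
        ;;
*)
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"
        exit 1
esac
exit $RETVAL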
nginx.conf
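# sudo ln -s ~/nginx.conf unicorn.conf
# Front end for the unicorn app: static assets are served from disk, everything
# else goes to the unicorn master over its unix socket.
upstream app_server {
  # fail_timeout=0: keep retrying the socket instead of marking it failed
  server unix:/tmp/unicorn_padrino.sock fail_timeout=0;
}

server {
  listen   80;
  charset  utf-8;
  server_name  db.innshine.com;

  keepalive_timeout 5;

  root        /home/innshine/one/public;
  access_log  /home/innshine/one/log/nginx_access.log;
  error_log   /home/innshine/one/log/nginx_error.log;
  rewrite_log on;

  # static assets: no logging, far-future expiry
  location ~* ^/(images|javascripts|stylesheets|img)/  {
    access_log    off;
    log_not_found off;
    expires       max;
    break;
  }

  location / {
    proxy_set_header Host               $host;
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Real-IP          $remote_addr;
    # Header name corrected from "X-Forward-For", which applications do not read.
    # $proxy_add_x_forwarded_for appends to whatever the client sent, so the
    # app should trust only the last entry (the one nginx added).
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_buffering  on;
    proxy_redirect   off;

    # files that exist under root are served by nginx, the rest by the app
    if (!-f $request_filename) {
      proxy_pass http://app_server;
      break;
    }
  }

}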

ini 本地php.ini设置

本地php.ini设置

local.ini
; Local development overrides. The limits below are generous on purpose; on an
; internet-facing server they would let large or slow uploads exhaust memory and workers.
date.timezone = "Europe/Berlin"
; memory ceiling for a single request
memory_limit = 1G
; largest accepted POST body and largest single uploaded file
post_max_size = 1G
upload_max_filesize = 1G
; 0 removes the time limit for reading and parsing request input
max_input_time = 0

ini 本地php.ini设置

本地php.ini设置

local.ini
; Local development overrides. The limits below are generous on purpose; on an
; internet-facing server they would let large or slow uploads exhaust memory and workers.
date.timezone = "Europe/Berlin"
; memory ceiling for a single request
memory_limit = 1G
; largest accepted POST body and largest single uploaded file
post_max_size = 1G
upload_max_filesize = 1G
; 0 removes the time limit for reading and parsing request input
max_input_time = 0

ini CORS-nginx.conf

cors-nginx.conf
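#
# Wide-open CORS config for nginx
#
# Any origin may read the responses of this location, which suits public,
# unauthenticated resources only.
#
# Access-Control-Allow-Credentials is not sent: browsers refuse credentialed
# responses whose allowed origin is the wildcard, so the header had no effect
# next to '*'. If cookies or HTTP auth must cross origins, replace '*' with an
# explicit list of trusted origins; do not echo the request's Origin header back.
#
location / {

     if ($request_method = 'OPTIONS') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #

        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

        #
        # Tell client that this pre-flight info is valid for 20 days
        #

        add_header 'Access-Control-Max-Age' 1728000;
        # ';' added between the media type and the charset parameter
        add_header 'Content-Type' 'text/plain; charset=UTF-8';
        add_header 'Content-Length' 0;

        return 204;
     }

     if ($request_method = 'POST') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

     }

     if ($request_method = 'GET') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

     }

}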

ini 这是一个nginx配置,它执行以下操作: - 在`example.com`和`api.example.com`之间使用CORS实现RESTful API

这是一个nginx配置,它执行以下操作: - 在`example.com`和`api.example.com`之间使用CORS实现RESTful API-使用SSL-反向代理从端口443到端口上运行的NodeJS应用程序的SSL流量8000摘自此页面,感谢原作者:http://enable-cors.org/server_nginx.html

nginx.conf
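# Configure the reverse-proxy on port 443
# TLS ends here; requests are passed in clear text to the NodeJS application on
# 127.0.0.1:8000. Cross-origin access is limited to https://example.com.
server {
  # general configs
  keepalive_timeout    30;
  listen               127.0.0.1:443 ssl;
  server_name          api.example.com;

  # ssl configs
  ssl_certificate      /path/to/api.crt;
  ssl_certificate_key  /path/to/api.key;
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;

  # proxy to the nodejs application
  location / {

    # handle OPTIONS requests
    # @note: don't try to DRY out this "if" block, or you're gonna have a bad time.
    # @see: http://wiki.nginx.org/IfIsEvil
    # The add_header lines inside the "if" replace the location-level ones, so
    # preflight responses carry only the headers listed here.
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Credentials' 'true';
      add_header 'Access-Control-Allow-Headers'     'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
      add_header 'Access-Control-Allow-Methods'     'GET, DELETE, OPTIONS, POST, PUT';
      add_header 'Access-Control-Allow-Origin'      'https://example.com';
      add_header 'Access-Control-Max-Age'           2592000;
      add_header 'Content-Length'                   0;
      # ';' added between the media type and the charset parameter
      add_header 'Content-Type'                     'text/plain; charset=UTF-8';
      return 204;
    }

    # proxy to the nodejs application
    # NOTE(review): 64G lets one request tie up disk and a worker for a long
    # time; confirm the API needs bodies of this size.
    client_max_body_size 64G;
    proxy_pass   http://127.0.0.1:8000;

    # send the CORS headers
    # credentials are allowed for the one named origin only, never for '*'
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Origin'      'https://example.com';

    # set additional security headers
    # without the "always" parameter these are not added to 4xx/5xx responses
    add_header 'Cache-Control'                    'no-cache, no-store, must-revalidate';
    add_header 'Content-Security-Policy'          'connect-src example.com';
    add_header 'Expires'                          '0';
    add_header 'Pragma'                           'no-cache';
    add_header 'Strict-Transport-Security'        'max-age=31536000; includeSubDomains';
    add_header 'X-Content-Type-Options'           'nosniff';
    add_header 'X-Frame-Options'                  'DENY';
    add_header 'X-XSS-Protection'                 '1; mode=block';
  }

  # logs paths
  access_log /path/to/access.log;
  error_log  /path/to/error.log;
}

# Redirect all traffic on port 80 to https
# The target is the TLS listener on the default https port. The original sent
# clients to https on port 8000, where the NodeJS application speaks plain http.
server {
  listen         127.0.0.1:80;
  server_name    api.example.com;
  return         301 https://$server_name$request_uri;
}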