目录
1.返回响应-加工响应内容
对于Nginx作为反向代理的时候,对于上游服务器返回的一些header会被Nginx的过滤模块处理.
如&ngx_http_not_modified_filter_module,它会根据上游返回的cache_control等header去修
改我们到底是发送200还是发送304响应码给客户端,所以上游一些header中的内容会改变我们
作为反向代理的Nginx的行为,所以Nginx也提供了处理上游响应头部的一些指令,
1.禁用上游响应头部的功能的相关指令
proxy_ignore_headers
2.转发上游的响应的相关指令
proxy_hide_header
proxy_pass_header
3.修改返回的Set-Cookie头部
proxy_cookie_domain
proxy_cookie_path
4.修改返回的Location头部
proxy_redirect
2.proxy_ignore_headers
禁用上游中的header中的一些功能,注意并不是所有的header都有功能的,这个禁用指令
只对那些具有一些特殊功能的header才会发生作用.
X-Accel开头的这些指令都是Nginx定义的,apache等其他web服务器暂时并不承认.
官网解释:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers
Syntax: proxy_ignore_headers field ...;
Default: —
Context: http, server, location
Disables processing of certain response header fields from the proxied server. The
following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-
Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-
Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7).
If not disabled, processing of these header fields has the following effect:
“X-Accel-Expires”, “Expires”, “Cache-Control”, “Set-Cookie”, and “Vary” set the parameters
of response caching;
“X-Accel-Redirect” performs an internal redirect to the specified URI;
“X-Accel-Limit-Rate” sets the rate limit for transmission of a response to a client;
“X-Accel-Buffering” enables or disables buffering of a response;
“X-Accel-Charset” sets the desired charset of a response.
3.proxy_hide_header
Syntax: proxy_hide_header field;
Default:—
Context:http, server, location
By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-
Accel-...” from the response of a proxied server to a client. The proxy_hide_header
directive sets additional fields that will not be passed. If, on the contrary, the passing
of fields needs to be permitted, the proxy_pass_header directive can be used.
4.proxy_pass_header
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
Syntax: proxy_hide_header field;
Default:—
Context:http, server, location
By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-
Accel-...” from the response of a proxied server to a client. The proxy_hide_header
directive sets additional fields that will not be passed. If, on the contrary, the passing
of fields needs to be permitted, the proxy_pass_header directive can be used.
原本Date,Server,X-Pad,X-Accel这四个标签默认是被禁止向客户端发送的,如果想要向客户端发送这
四个指令,那么需要用proxy_pass_header这个指令把这四种默认被禁止向客户端发送的标签设置
成允许向客户端发送.
5.proxy_cookie_domain
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain
Syntax: proxy_cookie_domain off;
proxy_cookie_domain domain replacement;
Default:
proxy_cookie_domain off;
Context: http, server, location
This directive appeared in version 1.1.15.
Sets a text that should be changed in the domain attribute of the “Set-Cookie” header
fields of a proxied server response. Suppose a proxied server returned the “Set-Cookie”
header field with the attribute “domain=localhost”. The directive
proxy_cookie_domain localhost example.org;
will rewrite this attribute to “domain=example.org”.
A dot at the beginning of the domain and replacement strings and the domain attribute is
ignored. Matching is case-insensitive.
The domain and replacement strings can contain variables:
proxy_cookie_domain www.$host $host;
The directive can also be specified using regular expressions. In this case, domain
should start from the “~” symbol. A regular expression can contain named and positional
captures, and replacement can reference them:
proxy_cookie_domain ~\.(?P<sl_domain>[-0-9a-z]+\.[a-z]+)$ $sl_domain;
Several proxy_cookie_domain directives can be specified on the same level:
proxy_cookie_domain localhost example.org;
proxy_cookie_domain ~\.([a-z]+\.[a-z]+)$ $1;
The off parameter cancels the effect of the proxy_cookie_domain directives inherited
from the previous configuration level.
6.proxy_cookie_path
Syntax: proxy_cookie_path off;
proxy_cookie_path path replacement;
Default:
proxy_cookie_path off;
Context: http, server, location
This directive appeared in version 1.1.15.
Sets a text that should be changed in the path attribute of the “Set-Cookie” header fields
of a proxied server response. Suppose a proxied server returned the “Set-Cookie” header
field with the attribute “path=/two/some/uri/”. The directive
proxy_cookie_path /two/ /;
will rewrite this attribute to “path=/some/uri/”.
The path and replacement strings can contain variables:
proxy_cookie_path $uri /some$uri;
The directive can also be specified using regular expressions. In this case, path should
either start from the “~” symbol for a case-sensitive matching, or from the “~*” symbols
for case-insensitive matching. The regular expression can contain named and positional
captures, and replacement can reference them:
proxy_cookie_path ~*^/user/([^/]+) /u/$1;
Several proxy_cookie_path directives can be specified on the same level:
proxy_cookie_path /one/ /;
proxy_cookie_path / /two/;
The off parameter cancels the effect of the proxy_cookie_path directives inherited from the
previous configuration level.
7. proxy_redirect
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
Syntax: proxy_redirect default;
proxy_redirect off;
proxy_redirect redirect replacement;
Default:
proxy_redirect default;
Context: http, server, location
Sets the text that should be changed in the “Location” and “Refresh” header fields of a
proxied server response. Suppose a proxied server returned the header field “Location:
http://localhost:8000/two/some/uri/”. The directive
proxy_redirect http://localhost:8000/two/ http://frontend/one/;
will rewrite this string to “Location: http://frontend/one/some/uri/”.
A server name may be omitted in the replacement string:
proxy_redirect http://localhost:8000/two/ /;
then the primary server’s name and port, if different from 80, will be inserted.
The default replacement specified by the default parameter uses the parameters of the
location and proxy_pass directives. Hence, the two configurations below are equivalent:
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect default;
location /one/ {
proxy_pass http://upstream:port/two/;
proxy_redirect http://upstream:port/two/ /one/;
The default parameter is not permitted if proxy_pass is specified using variables.
A replacement string can contain variables:
proxy_redirect http://localhost:8000/ http://$host:$server_port/;
A redirect can also contain (1.1.11) variables:
proxy_redirect http://$proxy_host:8000/ /;
The directive can be specified (1.1.11) using regular expressions. In this case,
redirect should either start with the “~” symbol for a case-sensitive matching, or with
the “~*” symbols for case-insensitive matching. The regular expression can contain named
and positional captures, and replacement can reference them:
proxy_redirect ~^(http://[^:]+):\d+(/.+)$ $1$2;
proxy_redirect ~*/user/([^/]+)/(.+)$ http://$1.example.com/$2;
Several proxy_redirect directives can be specified on the same level:
proxy_redirect default;
proxy_redirect http://localhost:8000/ /;
proxy_redirect http://www.example.com/ /;
The off parameter cancels the effect of the proxy_redirect directives inherited from the
previous configuration level.
Using this directive, it is also possible to add host names to relative redirects issued
by a proxied server:
proxy_redirect / /;
8.测试实验案例
1.上游服务器设置heaeder标签aaa(add_header aaa 'aaa value';),访问时查看头部发现有aaa这个标签
信息;
2.上游服务器设置heaeder标签aaa(add_header aaa 'aaa value';),代理服务器设置proxy_hide_header
aaa,访问时查看头部发现没有aaa这个标签信息了.
3. 反向代理服务器配置添加"proxy_pass_header server;",默认显示的不再是反向代理服务的server,
而是真正的上有服务器的名字.
4.上游服务器中限速设置“add_header X-Accel-Limit-Rate 10;”,代理服务没有任何设置(每秒只有10个
字节,非常慢);
5.上游服务器中限速设置“add_header X-Accel-Limit-Rate 10;”,
代理服务设置“proxy_ignore_headers X-Accel-Limit-Rate”(忽略限速,速度变得贼快);