nginx add_header not applied to some server contexts
# Question
I have several add_header directives in my main http context of the nginx.conf file, such as:

```nginx
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
```

There are no other such directives in server and location contexts. For some reason, the header is not applied to server contexts. For example, this one:

```nginx
server {
    server_name my.example.com;

    location / {
        proxy_pass http://192.168.1.1:12345;
    }

    location /robots.txt {
        return 200 "User-agent: *\nDisallow: /\n";
    }

    client_max_body_size 300M;

    listen 443 ssl; # managed by Certbot
    ssl_certificate fullchain.pem; # managed by Certbot
    ssl_certificate_key privkey.pem; # managed by Certbot
    include options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam ssl-dhparams.pem; # managed by Certbot
}
```

What could be causing this?

EDIT: nginx version is 1.23.3.

The file options-ssl-nginx.conf in /etc/letsencrypt/ has:

```nginx
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
# + one line of ssl_ciphers
```
# Answer 1
**Score**: 1

As explained in a comment, adding the `always` parameter to the `add_header` directive allows the header to be added for all kinds of HTTP responses (errors included); see the doc for more details: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
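The rule behind this answer, as an added example that is not part of the original answer or nginx's own code: a Python model of the documented `add_header` behaviour, where a header is added only for a fixed set of response codes unless `always` is given. It goes slightly beyond the question by also modelling the documented inheritance rule (a level inherits outer `add_header` directives only if it defines none); the function name, the `LOCATION_OVERRIDE` variant and the tested status codes are assumptions made for illustration.

```python
# Added example: a small model of nginx's documented add_header rules.
# Without "always", a header is only emitted for these response codes.
DEFAULT_CODES = {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}


def effective_headers(levels, status):
    """Return the (name, value) headers nginx would add for this status.

    levels: add_header directives per configuration level, outermost first
            (http, server, location); each directive is (name, value, always).
    """
    # Inheritance: the innermost level that defines any add_header wins;
    # outer levels are inherited only when the current level defines none.
    active = []
    for directives in levels:
        if directives:
            active = directives
    return [(name, value) for name, value, always in active
            if always or status in DEFAULT_CODES]


# Constructed configuration mirroring the question: two headers in http,
# none in server or location.
AS_POSTED = [
    [("X-Frame-Options", "SAMEORIGIN", False),
     ("X-XSS-Protection", "1; mode=block", False)],
    [],
    [],
]
# The same configuration with the "always" parameter from the answer.
WITH_ALWAYS = [[(n, v, True) for n, v, _ in AS_POSTED[0]], [], []]
# Hypothetical variant: a location adds its own header, which replaces
# the inherited http-level set instead of extending it.
LOCATION_OVERRIDE = [WITH_ALWAYS[0], [], [("Cache-Control", "no-store", True)]]

if __name__ == "__main__":
    configs = [("as posted", AS_POSTED), ("with always", WITH_ALWAYS),
               ("location override", LOCATION_OVERRIDE)]
    for label, cfg in configs:
        for status in (200, 404, 502):
            names = [n for n, _ in effective_headers(cfg, status)]
            print(f"{label:18} {status} -> {names}")
```

On a live server the same check is a header comparison between a successful response and an error response from the same `server` block.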