喻勇祥
5f3fd38bb1
## 问题根源(终于找到了!) Nginx反向代理默认不会正确传递Cookie,导致: 1. 后端设置的 Set-Cookie 响应头被Nginx丢弃 2. 前端发送的 Cookie 请求头无法到达后端 3. 验证码session完全无法工作 ## 症状 - 验证码一直提示"已过期" - 即使前端配置了 withCredentials: true 也无效 - 浏览器看不到 captcha.sid cookie ## 修复方案 在 nginx.conf 的 /api/ location 块中添加: ```nginx # Cookie传递配置(验证码session需要) proxy_set_header Cookie $http_cookie; proxy_pass_header Set-Cookie; ``` ### 配置说明 1. `proxy_set_header Cookie $http_cookie;` - 将浏览器发送的Cookie转发给后端 - 后端可以读取验证码session 2. `proxy_pass_header Set-Cookie;` - 将后端的Set-Cookie响应头传递给浏览器 - 浏览器可以保存验证码session cookie ## 完整的验证码工作流程 1. **验证码生成**: ``` 浏览器 → Nginx → 后端生成验证码和session 后端 → Set-Cookie: captcha.sid=xxx → Nginx → 浏览器保存 ``` 2. **验证码验证**: ``` 浏览器(带Cookie) → Nginx → 后端读取session验证 ``` ## 部署说明 ### Docker环境 ```bash docker-compose down docker-compose up -d ``` ### 手动Nginx ```bash nginx -t # 测试配置 nginx -s reload # 重新加载 ``` ## 验证方法 1. 清除浏览器Cookie 2. F12 → Network → 清除日志 3. 访问登录页,输错密码2次 4. 查看 /api/captcha 响应头应该有 Set-Cookie 5. 查看 /api/login 请求头应该有 Cookie: captcha.sid=xxx 6. 输入验证码应该能正常通过 ## 相关提交 此修复配合以下提交才能完整工作: - 后端session配置修复 (7ce9d95) - 前端axios withCredentials配置 (83773ef) - Nginx Cookie传递配置 (本提交) 三个修复缺一不可! 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
68 lines
2.0 KiB
Nginx Configuration File
68 lines
2.0 KiB
Nginx Configuration File
server {
|
||
listen 80;
|
||
server_name localhost;
|
||
|
||
# 设置最大上传文件大小为10GB
|
||
client_max_body_size 10G;
|
||
|
||
# 安全响应头
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
add_header X-XSS-Protection "1; mode=block" always;
|
||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||
|
||
# 隐藏Nginx版本
|
||
server_tokens off;
|
||
|
||
# 禁止访问隐藏文件和敏感文件
|
||
location ~ /\. {
|
||
deny all;
|
||
return 404;
|
||
}
|
||
|
||
location ~ \.(env|git|config|key|pem|crt)$ {
|
||
deny all;
|
||
return 404;
|
||
}
|
||
|
||
# 前端静态文件
|
||
location / {
|
||
root /usr/share/nginx/html;
|
||
index index.html;
|
||
try_files $uri $uri/ =404;
|
||
}
|
||
|
||
# 后端API反向代理
|
||
location /api/ {
|
||
proxy_pass http://backend:40001;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection 'upgrade';
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
# 修复:使用当前请求协议(http或https),适用于直接IP访问
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_cache_bypass $http_upgrade;
|
||
|
||
# Cookie传递配置(验证码session需要)
|
||
proxy_set_header Cookie $http_cookie;
|
||
proxy_pass_header Set-Cookie;
|
||
|
||
# 增加超时时间支持大文件上传
|
||
proxy_connect_timeout 300;
|
||
proxy_send_timeout 300;
|
||
proxy_read_timeout 300;
|
||
}
|
||
|
||
# 分享链接重定向
|
||
location /s/ {
|
||
proxy_pass http://backend:40001;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
# 修复:使用当前请求协议(http或https),适用于直接IP访问
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
}
|