如何在 App Engine Flex 上将 HSTS headers 添加到我的 nginx / React 应用程序?
How do I add HSTS headers to my nginx / react app on app engine flex?
我在 App Engine 灵活环境中通过 nginx 获得了一个 React 应用程序 运行,使用自定义域和 SSL,我想添加 HSTS headers。
我知道我可以从哪些资源中找到我的应用程序代码本身需要为 header 提供服务,而不是将它们直接放在任何 app.yaml 文件中,
所以我想我可以按照 https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
中所述通过我的 nginx.conf 来完成
但是,我的 nginx 块专门用于响应应用引擎请求,所以它实际上只监听 :8080 -
我的印象是所有请求都从 App Engine 发送到 :8080,所以我不认为添加另一个服务器块来侦听 443 会做任何事情吗?
也许我最好让 React 应用以某种方式为 header?
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logs will appear on the Google Developer's Console when logged to
this
# directory.
access_log /var/log/app_engine/app.log;
error_log /var/log/app_engine/app.log;
gzip on;
gzip_disable "msie6";
server {
listen 8080;
server_name localhost;
root /src/build;
if ( $http_x_forwarded_proto = 'http' ) {
return 301 https://$host$request_uri;
}
location /nginx_status {
stub_status on;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
好吧,现在我觉得自己很傻。
我所要做的就是在正确的位置添加以下行:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
我最初试图将它添加到 if ( $http_x_forwarded... 部分的正上方,我也在最后用 always 关键字尝试它,但我的部署一直失败,其中包含这一行.
无论如何,它有效!
完整结果 nginx.conf 如下:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logs will appear on the Google Developer's Console
# when logged to this directory.
access_log /var/log/app_engine/app.log;
error_log /var/log/app_engine/app.log;
gzip on;
gzip_disable "msie6";
server {
listen 8080;
server_name localhost;
root /src/build;
if ( $http_x_forwarded_proto = 'http' ) {
return 301 https://$host$request_uri;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location /nginx_status {
stub_status on;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
我在 App Engine 灵活环境中通过 nginx 获得了一个 React 应用程序 运行,使用自定义域和 SSL,我想添加 HSTS headers。
我知道我可以从哪些资源中找到我的应用程序代码本身需要为 header 提供服务,而不是将它们直接放在任何 app.yaml 文件中,
所以我想我可以按照 https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
中所述通过我的 nginx.conf 来完成但是,我的 nginx 块专门用于响应应用引擎请求,所以它实际上只监听 :8080 -
我的印象是所有请求都从 App Engine 发送到 :8080,所以我不认为添加另一个服务器块来侦听 443 会做任何事情吗?
也许我最好让 React 应用以某种方式为 header?
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logs will appear on the Google Developer's Console when logged to
this
# directory.
access_log /var/log/app_engine/app.log;
error_log /var/log/app_engine/app.log;
gzip on;
gzip_disable "msie6";
server {
listen 8080;
server_name localhost;
root /src/build;
if ( $http_x_forwarded_proto = 'http' ) {
return 301 https://$host$request_uri;
}
location /nginx_status {
stub_status on;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
好吧,现在我觉得自己很傻。
我所要做的就是在正确的位置添加以下行:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
我最初试图将它添加到 if ( $http_x_forwarded... 部分的正上方,我也在最后用 always 关键字尝试它,但我的部署一直失败,其中包含这一行.
无论如何,它有效!
完整结果 nginx.conf 如下:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logs will appear on the Google Developer's Console
# when logged to this directory.
access_log /var/log/app_engine/app.log;
error_log /var/log/app_engine/app.log;
gzip on;
gzip_disable "msie6";
server {
listen 8080;
server_name localhost;
root /src/build;
if ( $http_x_forwarded_proto = 'http' ) {
return 301 https://$host$request_uri;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location /nginx_status {
stub_status on;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
}
}
}