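# Reverse-proxy location: forwards GET/HEAD/POST to the backend on port 8743,
# rewrites backend redirects to the public origin, and attaches browser
# security headers and cookie flags to the responses.
location / {
    # Allow-list of HTTP methods; everything else is answered with 405.
    # NOTE(review): OPTIONS is rejected here, so CORS preflight requests get a
    # 405 even though CORS response headers are configured below. Decide which
    # behaviour is intended and align the two.
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    proxy_pass https://www.xxx.com:8743;

    # Rewrite Location headers issued by the backend so the internal port is
    # not exposed to clients.
    # NOTE(review): the first rule uses port 7743 while proxy_pass and the
    # other rules use 8743. Confirm this is a second backend port and not a typo.
    proxy_redirect https://www.xxx.com:7743/index https://www.xxx.com/index;
    proxy_redirect https://www.xxx.com:8743/index https://www.xxx.com/index;
    proxy_redirect https://www.xxx.com:8743/login https://www.xxx.com/login;

    #echo 'accessed via domain name, method 2, $host, $remote_addr';

    # Clickjacking: CSP frame-ancestors was missing, so it is set here together
    # with X-Frame-Options for older browsers.
    # The original comment also said internal http links are upgraded to https,
    # but the policy contains no `upgrade-insecure-requests` directive, so no
    # upgrade happens from this header.
    # NOTE(review): `default-src *` plus 'unsafe-inline' and 'unsafe-eval' in
    # script-src means this policy gives little protection against script
    # injection; only the frame-ancestors part is restrictive. Tighten once the
    # application's real script and resource origins are known.
    #
    # `always` is added to the security headers: without it nginx only attaches
    # add_header values to 2xx/3xx responses, so the 405 above and any
    # upstream error page would be served without them.
    add_header Content-Security-Policy "frame-ancestors 'self'; default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:;" always;
    add_header X-Frame-Options SAMEORIGIN always;

    # CORS response headers. No Access-Control-Allow-Origin is set in this
    # block, so these only take effect if the upstream supplies one.
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';

    # X-XSS-Protection is ignored by current browsers; kept for legacy clients.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    # Fixed typo: "no-cashe" is not a Cache-Control directive and was ignored,
    # leaving responses cacheable by the browser without revalidation.
    # add_header appends; it does not replace a Cache-Control sent by upstream.
    add_header Cache-Control "private, no-cache";

    # Append cookie flags to upstream cookies by rewriting their Path attribute.
    # The literal "name=value" placeholder from the original was dropped: it
    # was emitted as a meaningless attribute on every cookie.
    # NOTE(review): this is a prefix replacement, so a cookie with Path=/app
    # would come out with a mangled attribute string. On nginx 1.19.3+ the
    # proxy_cookie_flags directive sets these flags directly.
    # NOTE(review): SameSite=None lets the cookie travel on cross-site
    # requests; use Lax or Strict unless cross-site use is required.
    proxy_cookie_path / "/; HttpOnly; Secure; SameSite=None";

    # Disabled: this line did not add flags to existing cookies. It set a new
    # cookie literally named "Path" with value "/" on every response.
    #add_header Set-Cookie "Path=/; name=value; HttpOnly; Secure; SameSite=None";
}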