前言
闲的蛋疼瞎折腾。。
通过Nginx
保证全站HTTPS
时小饼干的安全性 0.0
在 nginx 的 location 中配置
1 2
| proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
|
示例
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
| server { listen 443 ssl http2; server_name www.cat73.org;
ssl_certificate /etc/letsencrypt/live/cat73.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cat73.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/cat73.org/chain.pem;
add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options SAMEORIGIN; add_header Strict-Transport-Security "max-age=15768000";
location / { root /var/www/html; }
location /api { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cookie_path / "/; httponly; secure; SameSite=Lax"; } }
|