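If caching is enabled on an nginx reverse proxy, cached login responses can leak information, so the fix is to configure the login-related paths so that they are never cached.
Use the following configuration on the reverse-proxy nginx.
(Note: replace admin, the reverse proxy address (the 地址 placeholder in proxy_pass), and the domain name with your own.)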
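# Do not cache login-related paths
location ^~ /admin {
    proxy_pass http://地址;
    proxy_set_header Host blog.go176.net;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    # $connection_upgrade is not built in; it must be defined by a map block in the http context
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # Disable caching in browsers and downstream caches
    # (without the "always" parameter, add_header applies only to successful and redirect responses)
    add_header Cache-Control "no-store, no-cache, must-revalidate, private";
    add_header Pragma "no-cache";
    add_header Expires "0";
    add_header Vary "Cookie, Authorization";
    proxy_cache off; # explicitly turn off the nginx proxy cache for this location
}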
If there are several paths, for example admin and login, simply copy and paste the block once per path:
location ^~ /admin {
    proxy_pass http://地址;
    proxy_set_header Host blog.go176.net;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # Disable caching
    add_header Cache-Control "no-store, no-cache, must-revalidate, private";
    add_header Pragma "no-cache";
    add_header Expires "0";
    add_header Vary "Cookie, Authorization";
    proxy_cache off; # explicitly turn off the cache
}
location ^~ /login {
    proxy_pass http://地址;
    proxy_set_header Host blog.go176.net;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # Disable caching
    add_header Cache-Control "no-store, no-cache, must-revalidate, private";
    add_header Pragma "no-cache";
    add_header Expires "0";
    add_header Vary "Cookie, Authorization";
    proxy_cache off; # explicitly turn off the cache
}
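
Because the block is copied once per path, it is easy to miss a path or to paste a block without the cache settings. The following is an added example, not part of the original post: a small Python check that reads an nginx config and reports sensitive prefixes that lack an explicit proxy_cache off or a no-store Cache-Control header. The sample config, the upstream 127.0.0.1:8080 and the cache zone name blog_cache are constructed for illustration, and the parser only handles flat location blocks without nested braces.

```python
import re

# Constructed sample: /admin is protected as on the page, /login was pasted without the cache settings.
SAMPLE_CONF = """
location ^~ /admin {
    proxy_pass http://127.0.0.1:8080;
    add_header Cache-Control "no-store, no-cache, must-revalidate, private";
    proxy_cache off;
}
location ^~ /login {
    proxy_pass http://127.0.0.1:8080;
    proxy_cache blog_cache;
}
"""

# location [modifier] <path> { <body> }  (flat blocks only, no nested braces)
LOCATION_RE = re.compile(r"location\s+(?:(=|\^~|~\*?)\s+)?(\S+)\s*\{([^{}]*)\}")

def audit(conf, sensitive=("/admin", "/login")):
    """Return {path: [problems]} for each sensitive path prefix."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    blocks = {m.group(2): m.group(3) for m in LOCATION_RE.finditer(conf)}
    report = {}
    for path in sensitive:
        body = blocks.get(path)
        if body is None:
            report[path] = ["no dedicated location block"]
            continue
        problems = []
        # A location without its own proxy_cache inherits the parent's, so require an explicit off.
        if not re.search(r"\bproxy_cache\s+off\s*;", body):
            problems.append("proxy_cache is not off")
        if not re.search(r'add_header\s+Cache-Control\s+"[^"]*no-store', body):
            problems.append("no Cache-Control no-store header")
        report[path] = problems
    return report

if __name__ == "__main__":
    for path, problems in audit(SAMPLE_CONF).items():
        print(path, "OK" if not problems else "; ".join(problems))
```
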