worker_processes auto; #nginx worker 数量 error_log /home/frankly/work/AuthPlatform/logs/error.log info; #指定错误日志文件路径 #worker_rlimit_nofile 65535; events { worker_connections 1024; } http { ##lua_need_request_body on; #开启读取请求体数据 client_max_body_size 1024M; #允许最大100k的请求体 client_body_buffer_size 1024M; #设置缓冲区大小 #lua_code_cache off; #关闭代码缓存,修改lua脚本不需要重启 lua_package_path '$prefix/src/?/?.lua;$prefix/src/?.lua;/home/frankly/work/AuthPlatform/src/?/?.lua;/home/frankly/work/AuthPlatform/src/?.lua;;'; lua_package_cpath '$prefix/src/share/lib/?.so;/home/frankly/work/AuthPlatform/src/share/lib/?.so;;'; # Path of the file with trusted CA certificates. #lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; # The verification depth in the server certificates chain. #lua_ssl_verify_depth 3; #在Nginx启动时执行的Lua代码块 #oauth2.0第三方验证后将code放到共享内存中 lua_shared_dict codeDict 10m; #init_by_lua_block { # -- 定义一个全局变量 # ngx.log(ngx.INFO, "Initializing global variable") # global_var = "Hello, Nginx with Lua!" # -- 初始化一个共享字典(需要 lua-shared-dict 模块) # local shared_dict = ngx.shared.dict_a # shared_dict:set("key", "value") #} #init_by_lua_block 与 init_by_lua_file 只能初始化其中的一个,不能同时启用 #否则报错nginx: [emerg] "init_by_lua_file" directive is duplicate #init_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua'; init_worker_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua'; server { listen 9080; server_name 127.0.0.1; default_type text/html; location = /favicon.ico { log_not_found off; access_log off; } ## 应用路径 todo 路径问题 set $APP_PATH '/home/frankly/work/AuthPlatform'; #访问时允许跨域处理 access_by_lua_block { ngx.header["Access-Control-Allow-Origin"] = "*"; ngx.header["Access-Control-Allow-Methods"] = "GET, POST, DELETE, PUT"; ngx.header["Access-Control-Allow-Headers"] = "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"; ngx.header["Access-Control-Max-Age"] = 1728000; ngx.header["Access-Control-Expose-Headers"] = "Content-Length,Content-Range"; if ngx.var.request_method == "OPTIONS" then ngx.status = 204 ngx.exit(ngx.OK) end } #OP端点配置 location /yum/v1/.well-known/openid-configuration { content_by_lua_block { local cjson = require "cjson" local config = { issuer = "http://localhost:9080", authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize", token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token", userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo", --jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选) response_types_supported = {"code"}, subject_types_supported = {"public"}, id_token_signing_alg_values_supported = {"HS256"} } ngx.header["Content-Type"] = "application/json" ngx.say(cjson.encode(config)) } } #数据列表配置 include 'system/system.conf'; #测试接口配置 location /testTree { content_by_lua_file '${APP_PATH}/src/test/testRadixtree.lua'; } location /testRBAC { content_by_lua_file '${APP_PATH}/src/test/testRBAC.lua'; } location /test { content_by_lua_file '${APP_PATH}/src/test/test.lua'; } location = /testSM { content_by_lua_block { cjson = require "cjson.safe" ngx.say(cjson.encode({a = 1, b = 2})) local dict_a = ngx.shared.dict_a; ngx.say("abc=",dict_a:get("abc")) -- 访问全局变量 ngx.say("Global variable: ", global_var) -- 访问共享字典 ngx.say("Shared dict value: ", dict_a:get("key")) } } } #server { # listen 9081 ssl http2; # server_name *.*; # ssl_certificate ssl/metroid.crt; # ssl_certificate_key ssl/metroid.key; #} }