120 lines
4.6 KiB
Nginx Configuration File
120 lines
4.6 KiB
Nginx Configuration File
worker_processes auto; #nginx worker 数量
|
|
error_log /home/frankly/work/AuthPlatform/logs/error.log info; #指定错误日志文件路径
|
|
|
|
#worker_rlimit_nofile 65535;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
|
|
##lua_need_request_body on; #开启读取请求体数据
|
|
client_max_body_size 1024M; #允许最大100k的请求体
|
|
client_body_buffer_size 1024M; #设置缓冲区大小
|
|
|
|
lua_code_cache on; #代码缓存
|
|
|
|
lua_package_path '$prefix/src/?/?.lua;$prefix/src/?.lua;/home/frankly/work/AuthPlatform/src/?/?.lua;/home/frankly/work/AuthPlatform/src/?.lua;;';
|
|
lua_package_cpath '$prefix/src/share/lib/?.so;/home/frankly/work/AuthPlatform/src/share/lib/?.so;;';
|
|
|
|
# Path of the file with trusted CA certificates.
|
|
#lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
|
|
|
# The verification depth in the server certificates chain.
|
|
#lua_ssl_verify_depth 3;
|
|
|
|
#在Nginx启动时执行的Lua代码块
|
|
#oauth2.0第三方验证后将code放到共享内存中
|
|
lua_shared_dict codeDict 10m;
|
|
#init_by_lua_block {
|
|
# -- 定义一个全局变量
|
|
# ngx.log(ngx.INFO, "Initializing global variable")
|
|
# global_var = "Hello, Nginx with Lua!"
|
|
# -- 初始化一个共享字典(需要 lua-shared-dict 模块)
|
|
# local shared_dict = ngx.shared.dict_a
|
|
# shared_dict:set("key", "value")
|
|
#}
|
|
#init_by_lua_block 与 init_by_lua_file 只能初始化其中的一个,不能同时启用
|
|
#否则报错nginx: [emerg] "init_by_lua_file" directive is duplicate
|
|
#init_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua';
|
|
|
|
init_worker_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua';
|
|
|
|
server {
|
|
listen 9080;
|
|
server_name 127.0.0.1;
|
|
default_type text/html;
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
## 应用路径 todo 路径问题
|
|
set $APP_PATH '/home/frankly/work/AuthPlatform';
|
|
|
|
# 全局 CORS 配置 访问时允许跨域处理
|
|
add_header Access-Control-Allow-Origin *;
|
|
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
|
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
|
|
|
|
if ($request_method = 'OPTIONS') {
|
|
return 204;
|
|
}
|
|
|
|
#OP端点配置
|
|
location /yum/v1/.well-known/openid-configuration {
|
|
content_by_lua_block {
|
|
local cjson = require "cjson"
|
|
local config = {
|
|
issuer = "http://localhost:9080",
|
|
authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
|
|
token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
|
|
userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
|
|
--jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
|
|
grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
|
|
response_types_supported = { "code" },
|
|
subject_types_supported = { "public" },
|
|
id_token_signing_alg_values_supported = { "HS256" },
|
|
refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
|
|
}
|
|
ngx.header["Content-Type"] = "application/json"
|
|
ngx.say(cjson.encode(config))
|
|
}
|
|
}
|
|
|
|
#数据列表配置
|
|
include 'system/system.conf';
|
|
|
|
#测试接口配置
|
|
location /testTree {
|
|
content_by_lua_file '${APP_PATH}/src/test/testRadixtree.lua';
|
|
}
|
|
location /testRBAC {
|
|
content_by_lua_file '${APP_PATH}/src/test/testRBAC.lua';
|
|
}
|
|
location /test {
|
|
content_by_lua_file '${APP_PATH}/src/test/test.lua';
|
|
}
|
|
location = /testSM {
|
|
content_by_lua_block {
|
|
cjson = require "cjson.safe"
|
|
ngx.say(cjson.encode({a = 1, b = 2}))
|
|
local dict_a = ngx.shared.dict_a;
|
|
ngx.say("abc=",dict_a:get("abc"))
|
|
|
|
-- 访问全局变量
|
|
ngx.say("Global variable: ", global_var)
|
|
|
|
-- 访问共享字典
|
|
ngx.say("Shared dict value: ", dict_a:get("key"))
|
|
}
|
|
}
|
|
}
|
|
|
|
#server {
|
|
# listen 9081 ssl http2;
|
|
# server_name *.*;
|
|
# ssl_certificate ssl/metroid.crt;
|
|
# ssl_certificate_key ssl/metroid.key;
|
|
#}
|
|
} |