TOTVS Fluig

Atalhos

Árvore de páginas

Versões comparadas

Versão antiga 8

changes.mady.by.user Vanei Anderson Heidemann

Gravado em

comparado com

Nova versão 9

changes.mady.by.user Vanei Anderson Heidemann

Gravado em

Chave

  • Esta linha foi adicionada.
  • Esta linha foi removida.
  • A formatação mudou.

...

Bloco de código
languagetext
titlefluig.conf
upstream fluig-http {
    server vanei-note-dell192.168.2.100:8080;
}

server {
    listen                    443 ssl;
    server_name               *.minhaempresa.com;
    server_tokens             off;
    ssl_certificate           fullchain.pem;
    ssl_certificate_key       privkey.pem;
	ssl_protocols             TLSv1.2 TLSv1.3;
	ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
	ssl_prefer_server_ciphers on;
	ssl_session_cache         shared:SSL:10m;

    location / {
        set $CORS "";
        # Lista de origens permitidas
        if ($http_origin ~* "^https://(www.minhaempresa.com|empresa1.com|api.empresa2.com)$") {
            set $CORS "O";
        }
        if ($request_method = 'OPTIONS') {
            set $CORS "${CORS}O";
        }

        if ($CORS = "OO") {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT';
            add_header Access-Control-Allow-Headers 'Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            add_header Access-Control-Allow-Credentials 'true';
            add_header Access-Control-Max-Age 3600;
            add_header Content-Type 'text/plain charset=UTF-8';
            add_header Content-Length 0;

            return 204;
        }

        if ($CORS = "O") {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT';
            add_header Access-Control-Allow-Headers 'Accept,Authorization,Content-Type,X-Requested-With,User-Agent,If-Modified-Since,Cache-Control';
            add_header Access-Control-Allow-Credentials 'true';
            add_header Access-Control-Max-Age 3600;
        }

        proxy_pass http://fluig-http;
        proxy_ssl_verify    off;
        proxy_ssl_ciphers   HIGH:!aNULL:!MD5;

        proxy_set_header X-Forwarded-Host $host:443;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
		
        client_max_body_size       880m;
        client_body_buffer_size    256k;

        proxy_connect_timeout      800;
        proxy_send_timeout         800;
        proxy_read_timeout         800;

        proxy_buffer_size          8k;
        proxy_buffers              8 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
}

Utilizando Apache para configurar CORS

A seguir um exemplo de configuração para o Apache que pode ser usado como base para configurá-lo para fazer a validação de CORS. Essa configuração é úm aprimoramento da configuração descrita em Configuração de Proxy Reverso (Configuração do Apache (SSL) + Fluig (HTTP))

Bloco de código
languagetext
titlefluig.conf
SetEnvIf Origin "http(s)?://(www.minhaempresa.com|empresa1.com|api.empresa2.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

Header set Access-Control-Allow-Headers: "Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods: "GET, PUT, POST, OPTIONS, DELETE"
Header Set Access-Control-Request-Method: "GET, PUT, POST, OPTIONS, DELETE"
Header Set Access-Control-Allow-Credentials: "true"
Header Set Access-Control-Max-Age "3600"

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerName minhaempresa.com
    RequestHeader set X-Forwarded-Host 192.168.2.100:443
    RequestHeader set X-Forwarded-Proto https
    SSLProxyEngine On
    SSLEngine On
    SSLCertificateFile "conf/cert1.pem"
    SSLCertificateKeyFile "conf/privkey1.pem"
    SSLCertificateChainFile "conf/fullchain1.pem"
    ProxyPreserveHost On
    ProxyPass / http://192.168.2.100:8080/
    ProxyPassReverse / https://minhaempresa.com/
</VirtualHost>
  
<VirtualHost *:21>
    ServerName minhaempresa.com
    ProxyPreserveHost On
    ProxyPass / ftp://192.168.2.100/
    ProxyPassReverse / ftp://192.168.2.100:21/
</VirtualHost>