如何使用 nginx 允许你的 EtherPad 被包含在 IFrame 中
在我们之前的文章使用 nginx 作为反向代理的 Etherpad 现代 Docker-Compose 配置中,我们展示了如何创建简单、可靠的 Etherpad 安装。
然而,如果你想在外部网站上包含 Etherpad,你将看到类似这样的连接拒绝错误
output.txt
Refused to display 'https://etherpad.nemeon.eu/p/Test123' in a frame because it set 'X-Frame-Options' to 'sameorigin'.并且 Etherpad iframe 不会加载。
为了修复此问题,我们将在 nginx 配置中添加一行。使用此方法,你需要列出所有允许包含 Etherpad 的域名(在此示例中为 https://gather.town)。
要添加的行是
nginx.conf
add_header "X-Frame-Options" "Allow-From https://gather.town";需要添加到 location / { ... } 块内。location / 块的完整示例:
nginx.conf
location / {
proxy_pass http://localhost:17201/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect default;
add_header "X-Frame-Options" "Allow-From https://gather.town";
}完整 nginx 配置示例:
nginx.conf
server {
server_name etherpad.mydomain.de;
access_log off;
error_log /var/log/nginx/etherpad.mydomain.de-error.log;
location / {
proxy_pass http://localhost:17201/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect default;
add_header "X-Frame-Options" "Allow-From https://gather.town";
}
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/etherpad.mydomain.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/etherpad.mydomain.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
if ($host = etherpad.mydomain.de) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen [::]:80; # managed by Certbot
server_name etherpad.mydomain.de;
return 404; # managed by Certbot
}工作原理
在 nginx 内反向代理的 etherpad 后端将添加 X-Frame-Options: sameorigin 头,有效地禁止来自其他域的 iframe。使用 add_header 子句,nginx 将用 Allow-From https://gather.town 覆盖此值。浏览器将只看到 Allow-From https://gather.town,允许从列出的域包含 iframe。
Check out similar posts by category:
Networking, Nginx
If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow