用 Nginx 给 Cookie 增加 Secure 和 HttpOnly

在 nginx 的 location 中配置

# 只支持 proxy 模式下设置,SameSite 不需要可删除,如果想更安全可以把 SameSite 设置为 Strict

proxy_cookie_path / "/; httponly; secure; SameSite=Lax";

示例

server {

    listen 443 ssl http2;

    server_name www.zhl123.cn;



    ssl_certificate /etc/letsencrypt/live/zhl123.cn/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/live/zhl123.cn/privkey.pem;


    ssl_trusted_certificate /etc/letsencrypt/live/zhl123.cn/chain.pem;


    add_header X-XSS-Protection "1; mode=block";

    add_header X-Frame-Options SAMEORIGIN;

    add_header Strict-Transport-Security "max-age=15768000";


    location / {

        root /var/www/html;

    }


    location /123 {

        proxy_pass http://localhost:8080;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # 在这里设置

        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";

    }

}

上一篇:Centos7 利用iptables防止nmap工具防端口扫描

下一篇:开启 HTTPS 并获得 ssllabs 满分的过程