允许仅从我的域提供某些文件(如字体)——特定的技术需求
我有一个为我们的静态内容提供服务的 CDN。来自Internap。
为了使我的 html 中的 CDN url 更容易接受,我在 DNS 设置中添加了一个“CNAME”条目:
cache.mysite.com => CNAME 指向 Internap
Internap 服务器是源拉取服务器。所以我的域有一个指向 CDN 的“/public_html/cache”文件夹。
我放在这里的一些文件我只想从我自己的域中提供服务。
同样重要的是我的网站是在 Nginx 后面的。这是前端服务器,提供所有静态文件,如 ttf/woff/eot/css/js/gif 等。只有 PHP 需求在后端被代理到 Apache。
我遇到了“access-control-allow-origin”指令。 Nginx 也有办法做到这一点(有用的 ServerFault 文章 和有用的 StackOverFlow 文章 也),但我只想限制某些域的访问,我拥有。
我有点困惑的原因是因为我在提供字体和管理访问方面有三层:
- CDN
- Nginx静态服务器
- Apache(可能根本不需要,因为Nginx将文件提供给CDN,然后CDN接管?)
我的问题:
- 我应该如何在 Nginx 中指定一些选定的域。 “*”确实不是我需要的。这适用于我的域并且还涵盖相关的子域吗?
位置 ~* \.(eot|ttf|woff)$ { add_header Access-Control-Allow-Origin *.domain1.com,*.domain2.com }
我应该在 Nginx 内部的哪个位置指定这个块。在与我提供字体的特定域(前面提到的
cache.mysite.com)相关的虚拟主机文件中,还是在整个 Nginx 配置中?我需要 Apache 的东西吗?如果 Nginx 已经处理 webfont 格式并控制对其的访问。
谢谢!
I have a CDN that serves our static content. From Internap.
To make the CDN urls in my html a bit more palatable, I have a "CNAME" entry in my DNS settings:
cache.mysite.com => CNAME points to Internap
The Internap server is an origin pull server. So my domain has a "/public_html/cache" folder that is pointed to the CDN.
There are files I am putting here that I would like to serve only from my own domains.
Also important is that my site is behind Nginx. That's the front server, and serves all static files like ttf/woff/eot/css/js/gif, etc. Only the PHP needs are proxied in the backend to Apache.
I came across the "access-control-allow-origin" directive. Nginx has a way to do this too (useful ServerFault article and a useful StackOverFlow article too), but I want to limit the access from some domains only, which I own.
The reason I'm a little confused is because I have three layers in serving the fonts and managing access:
- CDN
- Nginx static server
- Apache (probably not needed at all as Nginx serves the file to the CDN, and then the CDN takes over?)
My questions:
- How should I specify some select domains in Nginx. The "*" is really not what I need. Will this work for my domains and also covering related subdomains--
location ~* \.(eot|ttf|woff)$ { add_header Access-Control-Allow-Origin *.domain1.com,*.domain2.com }
Where inside Nginx should I specify this block. In the vhost file related to the specific domain from which I'm serving fonts (
cache.mysite.commentioned earlier) or in the overall Nginx config?Do I need the Apache stuff at all? If Nginx is handling the webfont formats already and controlling access to it.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果浏览器从 CDN 下载字体,则无法检查标头。这是因为 Internap 会缓存下载的文件,否则 CDN 会减慢速度,并且您的数据流量将保持不变。 Internap 可能提供仅接受某些推荐人的选项。
Access-Control-Allow-Origin选项可能有效,但您必须检查 CDN 是否也转发此标头。If the browser downloads the fonts from your CDN, then there is no way of checking the headers. This is because Internap caches the downloaded file, otherwise the CDN would slow things down, and your data-traffic would remain the same. It could be that Internap provides the option to only accept certain referrers.
The
Access-Control-Allow-Originoption might work, but you'll have to check to see if the CDN also forwards this header.您必须检查
HTTP_REFERRER标头以查看是否从您自己的域访问这些文件。如果没有,您可以随时重定向它们(也可能通过 403 错误进行重定向)
You have to check the
HTTP_REFERRERheader to see if the files are being accessed from your own domain or not.If not, you can always redirect them (and maybe through in a 403 error as well)