I'm using Dokku to host my app at DigitalOcean. Dokku run nginx 1.6 to proxy Docker apps simulating a Heroku-like environment. The app's all share similar default configs like below.
My Node.js server uses CORS middleware to tell the browser to allow www.myapp.com to make calls to api.myapp.com:
This works fine on my local computer. When I deploy it, I'm getting a CORS error in the browser:
XMLHttpRequest cannot load https://api.myapp.com/r_u_up. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.myapp.com' is therefore not allowed access. The response had HTTP status code 502.
So, WTF, over.
I found this nginx CORS config but it seems very crufty. Is this old code, or the best way? This plugin uses that config.
I'd prefer a simpler config that just passes the response headers through. My app doesn't need nginx to intercept them. How can I configure that?
App nginx.conf's:
upstream www { server 172.17.0.135:5000; }
server {
listen [::]:80;
listen 80;
server_name www.myapp.com ;
return 301 https://www.myapp.com$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name www.myapp.com;
keepalive_timeout 70;
add_header Alternate-Protocol 443:npn-spdy/2;
location / {
proxy_pass http://www;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
include /home/dokku/www/nginx.conf.d/*.conf;
}
Update: so it turns out CORS is a zombified-walking-dead-crazy spec, and yes doing this with an nginx config is the best way.
http://enable-cors.org/
The reason nginx is the best way is that nginx is the fastest and closest process to the client.
If nginx can take care of the request w/o touching your app (node.js, php, rails, etc) then your app will scale easier, and run faster.