# 基于 state 参数端口分发的 OAuth2 回调 Nginx 配置 # 只保留回调分发相关配置,其他内容全部删除 # 1. 端口白名单映射(只允许指定端口) map $arg_state $target_port { default ""; ~^login(51703)_ 51703; ~^login(51704)_ 51704; ~^login(51705)_ 51705; ~^login(51706)_ 51706; ~^login(51707)_ 51707; ~^login(51708)_ 51708; } # 2. 统一回调入口,根据 state 分发到对应端口 server { listen 80; server_name 10.79.97.17; location /callback { # 未匹配到允许端口直接返回 400 if ($target_port = "") { return 400 "Invalid or unsupported state/port"; } # 反向代理到本地对应端口的 /callback proxy_pass http://10.79.97.17:$target_port/callback$is_args$args; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }