Nginx可选auth_request

时间:2015-03-23 12:39:00

标签: nginx

我想让nginx拒绝使用无效凭据的客户端,同时仍允许没有授权标头的客户端。

当前配置:

server {
    listen 443 ssl;
    server_name ...;

    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://localhost:8080;
    }
}

如果auth_request在if内部工作,这将解决我的问题:

    location / {
        proxy_pass http://localhost:8080;
        if ($http_authorization) {
            auth_request /login;
        }
    }

1 个答案:

答案 0 :(得分:1)

这似乎有效:

    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /__auth {
        internal;
        proxy_pass http://localhost:8080/login;
    }

    location / {
        if ($http_authorization) {
            rewrite ^(.*)$ /_auth$1 last;
        }
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Logged-In "";
        proxy_pass http://localhost:8080;
    }

    location ~ /_auth(.*) {
        internal;
        set $gooduri $1;
        auth_request /__auth;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Logged-In 1;
        proxy_pass http://localhost:8080$gooduri;
    }

对于更好的解决方案仍然存在疑问。

相关问题
最新问题