我想使用多个auth_request指令来尝试使用多个服务器进行身份验证 - 即如果第一个auth服务器返回403,请尝试第二个auth服务器。我尝试了这样一种直截了当的方法:
location /api {
satisfy any;
auth_request /auth-1/;
auth_request /auth-2/;
proxy_pass http://api_impl;
}
location /auth-1/ {
internal;
proxy_pass http://auth_server_1;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location /auth-2/ {
internal;
proxy_pass http://auth_server_2;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
但是nginx不会解析配置文件。我收到了回复
nginx: [emerg] "auth_request" directive is duplicate
有没有办法在nginx中实现这样的功能?
答案 0 :(得分:1)
在Google中找到相同的问题后,这是我的解决方案:
/auth上告诉nginx只是在上游使用它,因此它将顺序尝试所有身份验证“服务器”(由于503返回码),直到其中一个成功,或者最后一个返回401。upstream auth {
server 127.0.2.1:8000 max_fails=0;
server 127.0.2.1:8001 max_fails=0;
server 127.0.2.1:8002 max_fails=0;
}
# Method 1
server {
listen 127.0.2.1:8000;
location / {
proxy_pass http://auth_server_1; # Returns **503** on failure
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
# Method 2
server {
listen 127.0.2.1:8001;
location / {
proxy_pass http://auth_server_2; # Returns **503** on failure
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
# Method 3
server {
listen 127.0.2.1:8002;
location / {
proxy_pass http://auth_server_3; # Returns **401** on failure
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
server {
# ...
location /api {
auth_request /auth;
proxy_pass http://api_impl;
}
location /auth {
proxy_pass http://auth/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URL $request_uri;
proxy_next_upstream error timeout http_503;
}
# ...
}