我们正在反向代理后面使用https://aws.amazon.com/amazon-mq/中的网络控制台。
大多数基本功能都可以正常运行,但是Web面板中几乎每个活动操作(将消息发送到队列,清除队列等)都以 amazon内部网址结尾(https://b-asdfsad-fsdfasdf-asdfasdf.mq.eu-central-1.amazonaws.com),因此规避了反向代理并最终导致错误,因为我们出于安全原因阻止了对其的直接访问。
有什么想法如何使用可用的AmazonMQ配置选项告诉Web控制台,以防止重定向到除反向代理可访问的URL以外的任何内容?
更新,使用带有此配置的Nginx反向:
set $proxy_pass_url https://abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;
location / {
proxy_pass $proxy_pass_url;
proxy_http_version 1.1;
proxy_set_header Authorization "Basic AUTHSTRING";
proxy_set_header X-Forwarded-User $remote_user;
proxy_set_header Host abc-def-xyz-1.mq.eu-central-1.amazonaws.com;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
答案 0 :(得分:0)
已经设置了主机头,但是Active MQs仪表板Jetty Config无论如何都需要知道主机,并且可能无法在AWS提供的atm的配置中做到这一点。
[...]
set $proxy_pass_url https://abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;
location / {
proxy_pass $proxy_pass_url;
proxy_http_version 1.1;
proxy_set_header Authorization "Basic AUTHSTRING";
proxy_set_header X-Forwarded-User $remote_user;
proxy_set_header Host abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
[...]