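How do I configure HTTP basic authentication on an Elastic Beanstalk Docker environment?

Date: 2018-08-06 15:11:03

Tags: docker nginx elastic-beanstalk basic-authentication

I am trying to configure HTTP basic authentication on an EB deployment that uses Docker. I followed this article: http://sarahcassady.com/2016/09/18/deploy-aws-eb-app-with-auth-and-ssl/ but that approach seems to work only for regular EB deployments, not for Docker ones. I get the following error message in the AWS EB console: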

[2018-08-06T14:15:35.874Z] ERROR [26161] : Command execution failed: Activity failed. (ElasticBeanstalk::ActivityFatalError)
caused by: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf:11
  nginx: [emerg] host not found in upstream "my_app" in /etc/nginx/conf.d/dev.conf:5
  nginx: configuration file /etc/nginx/nginx.conf test failed
   (ElasticBeanstalk::ExternalInvocationError)

2 answers:

Answer 0: (score: 1)

I was able to use the following .ebextensions/01-http_basic_auth.config file:

files:
  /etc/nginx/.htpasswd:
    # Credential file: readable by the nginx worker, not executable
    mode: "000644"
    owner: root
    group: root
    content: |
      username:$apr1$k5WkOMBL$0FZNIWOLQMsHJAOREjemC/

  /etc/nginx/conf.d/dev.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      server {
        listen       80;
        server_name  localhost;
        location / {
          proxy_pass        http://docker;
          proxy_set_header  Host $host;
          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }

  /tmp/deployment/nginx_auth.sh:
    mode: "000755"
    content: |
      #!/bin/bash
      # Insert the auth_basic directives after the X-Forwarded-For header line
      sed -i 's/$proxy_add_x_forwarded_for;/$proxy_add_x_forwarded_for;\n   auth_basic "Restricted";\n    auth_basic_user_file \/etc\/nginx\/.htpasswd;\n/' /etc/nginx/conf.d/dev.conf

container_commands:
  01nginx_auth:
    command: "/tmp/deployment/nginx_auth.sh"
  02restart_nginx:
    command: "service nginx restart"

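Note: the catch is that when deploying with Docker on EB, proxy_pass must be set to http://docker; rather than http://my_app;

Answer 1: (score: 0)

I think AWS EB updated its configuration, because I tried the solution from nerdinand as well as the solution from the article, updated in February 2019, and neither worked.

I found that the nginx configuration is now created from a template file that can be extended, but there is no place to add basic HTTP authentication (unless I missed something): /opt/elasticbeanstalk/config/private/nginx/nginx.template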

[...]
 include  conf.d/*.conf;

    map $http_upgrade $connection_upgrade {
            default       "upgrade";
    }

    server {
        listen {{.InstancePort}} default_server;
        gzip on;
        gzip_comp_level 4;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        access_log    /var/log/nginx/access.log main;

        location / {
            proxy_pass            http://docker;
            proxy_http_version    1.1;

            proxy_set_header    Connection             $connection_upgrade;
            proxy_set_header    Upgrade                $http_upgrade;
            proxy_set_header    Host                   $host;
            proxy_set_header    X-Real-IP              $remote_addr;
            proxy_set_header    X-Forwarded-For        $proxy_add_x_forwarded_for;
        }

        # Include the Elastic Beanstalk generated locations
        include conf.d/elasticbeanstalk/*.conf;
[...]

So I came up with this hack: add this script in .ebextensions, which updates the template directly and adds these two lines after $proxy_add_x_forwarded_for; in server { location {

   auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

.ebextensions/01-http_basic_auth_mlflow.config

files:
  /etc/nginx/.htpasswd:
    # Credential file: readable by the nginx worker, not executable
    mode: "000644"
    owner: root
    group: root
    content: |
      mlflow:$apr1$f3D.agib$OUM5soeHzMazKYYRRWXQW/

  /tmp/nginx_auth.sh:
    # Run as root below, so it must not be world-writable
    mode: "000755"
    owner: root
    group: root
    content: |
        #!/bin/bash
        # Patch the template only once: skip if the directives are already present
        match=$(grep Restricted /opt/elasticbeanstalk/config/private/nginx/nginx.template)
        if [ -z "$match" ];
        then
            sed -i 's/$proxy_add_x_forwarded_for;/$proxy_add_x_forwarded_for;\n   auth_basic "Restricted";\n    auth_basic_user_file \/etc\/nginx\/.htpasswd;/' /opt/elasticbeanstalk/config/private/nginx/nginx.template
        fi

container_commands:
  01nginx_auth:
    command: "sudo /tmp/nginx_auth.sh"
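
Added example (not part of either answer or of Elastic Beanstalk): both answers rely on a text substitution that does nothing if the template wording changes, which would leave the proxy serving without authentication. This script applies the same insertion idempotently and then counts `location` blocks that proxy without `auth_basic_user_file`; the sample template is constructed from the excerpt in answer 1 and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent patch plus a post-patch check.
# Assumptions: function names are hypothetical; the sample template is constructed.

write_sample_template() {   # $1 = output path
  cat > "$1" <<'EOF'
server {
    listen {{.InstancePort}} default_server;
    location / {
        proxy_pass          http://docker;
        proxy_set_header    Host               $host;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    }
}
EOF
}

# Insert the two auth_basic directives after the X-Forwarded-For header line.
# Does nothing if the file already references an auth_basic_user_file.
inject_basic_auth() {       # $1 = nginx config or template
  grep -q 'auth_basic_user_file' "$1" && return 0
  awk '{ print }
       /proxy_set_header[ \t]+X-Forwarded-For/ {
         print "        auth_basic \"Restricted\";"
         print "        auth_basic_user_file /etc/nginx/.htpasswd;"
       }' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Print how many location blocks proxy traffic without auth_basic_user_file.
# Simplification: assumes no nested braces inside a location block.
count_unprotected() {       # $1 = nginx config or template
  awk '/location[^{]*[{]/                { in_loc = 1; proxied = 0; authed = 0 }
       in_loc && /proxy_pass/            { proxied = 1 }
       in_loc && /auth_basic_user_file/  { authed = 1 }
       in_loc && /[}]/                   { if (proxied && !authed) bad++; in_loc = 0 }
       END                               { print bad + 0 }' "$1"
}

# Demo on the constructed sample: patch twice, then report.
tmp=$(mktemp)
write_sample_template "$tmp"
echo "unprotected before: $(count_unprotected "$tmp")"
inject_basic_auth "$tmp"; inject_basic_auth "$tmp"
echo "unprotected after:  $(count_unprotected "$tmp")"
echo "auth_basic_user_file lines: $(grep -c auth_basic_user_file "$tmp")"
rm -f "$tmp"
```

In a deployment, a non-zero result from `count_unprotected` is the signal to fail the `container_commands` step instead of restarting nginx.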