我有一个在Nginx反向代理后面运行的PHP / Apache Intranet站点。 我的网站在docker中运行,而nginx代理也在docker(jwilder/nginx-proxy)中运行
问题是我通过nginx反向代理访问站点时未设置REMOTE_USER。但是,如果我不使用反向代理访问该站点,则可以使用。
为什么反向代理无法接收此标头,如何将其通过代理传递?
我已经尝试过Traefik,但问题仍然存在。 REMOTE_USER标头不存在。
在我的apache conf中,我使用kerberos来获取用户的用户名:
<VirtualHost *:80>
DocumentRoot /app
<Directory /app>
# Kreberos
# By default, allow access to anyone.
Order allow,deny
Allow from All
# Require authentication for internal private network users.
# Deny from 10.0.0.0/8
# Enable Kerberos authentication using mod_auth_kerb.
AuthType Kerberos
AuthName "mysite"
KrbAuthRealm MYDOMAIN
Krb5KeyTab "/etc/krb5.keytab"
KrbMethodNegotiate on
KrbSaveCredentials on
KrbVerifyKDC on
KrbServiceName Any
Require valid-user
Satisfy Any
RequestHeader set X-REMOTE-USER %{REMOTE_USER}s
</Directory>
</VirtualHost>
我的nginx反向代理配置:(默认的jwilder / nginx代理配置)
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
underscores_in_headers on;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";