使用auth_request模块和外部身份验证API的Nginx反向代理-错误404

时间:2018-10-18 07:44:53

标签: authentication nginx kibana nginx-reverse-proxy auth-request

我正在尝试将nginx配置为反向代理,以使用外部身份验证API保护另一台服务器(kibana)。

这是应该将我登录到kibana仪表板的URL-http://127.0.0.1/kibana_proxy?username=my.user&password=test67

身份验证完成后(即https状态为200),nginx会抛出404错误。但是错误日志中有-

  

2018/10/18 13:33:52 [错误] 10718#0:* 19 open()   “ / usr / share / nginx / html / app / kibana”失败(2:无此类文件或   目录),客户端:127.0.0.0.1,服务器:_,请求:“ GET / app / kibana   HTTP / 1.1”,主机:“ 127.0.0.1”,引荐来源网址:   “ http://127.0.0.1/kibana_proxy/?username=my.user&password=test67

这是我的nginx conf文件-

server {
    listen *:80;
    server_name _;

    location = /auth {
        set $query '';
        if ($request_uri ~* "[^\?]+\?(.*)$") {
            set $query $1;
        }
        proxy_pass http://127.0.0.1:8080/auth?$query;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location /kibana_proxy/ {
        proxy_pass http://127.0.0.1:5601/;
        auth_request /auth;
    }

    error_page 404 /404.html;
    location = /40x.html {

    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {

    }
}

2 个答案:

答案 0 :(得分:1)

无论何时使用Restricting Access with HTTP Basic Authentication,都应使用以下网址格式来访问受限网址

http://username:password@example.com/

无法通过标准HTTP身份验证中的查询参数传递用户名和密码。

更新

我觉得您的nginx设置需要一些更新。您应该重写网址以删除/kibana_proxy/

location /kibana_proxy/
{
     rewrite ^/kibana_proxy/(.*) /$1 break;
     proxy_pass http://localhost:5200;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header  X-Real-IP  $remote_addr;
     proxy_cache_bypass $http_upgrade;
}

答案 1 :(得分:0)

对于那些寻求答案的人-这是nginx服务器配置文件,它为我解决了这个问题-

server {
  listen *:80;
  server_name 127.0.0.1;

  location = /auth {
      set $query '';
      if ($request_uri ~* "[^\?]+\?(.*)$") {
         set $query $1;
      }
      # add_header X-debug-message "Parameters being passed $is_args$args" always;
      proxy_pass http://127.0.0.1:8080/auth?$query;
  }

  location /kibana/ {
     rewrite ^/kibana/(.*) /$1 break;
     proxy_pass http://127.0.0.1:5601;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header  X-Real-IP  $remote_addr;
     proxy_cache_bypass $http_upgrade;
     auth_request /auth;
  }

  location ~ (/app/|/app/kibana|/bundles/|/kibana4|/status|/plugins|/ui/|/api/|/monitoring/|/elasticsearch/) {
     proxy_pass http://127.0.0.1:5601;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
     proxy_set_header Host $host;
     rewrite /kibana4/(.*)$ /$1 break;
  }

  error_page 404 /404.html;
    location = /40x.html {
  }

  error_page 500 502 503 504 /50x.html;
    location = /50x.html {
  }
}
相关问题
最新问题