当前位置：文江博客话题详情

具有基本身份验证功能的 Apache 反向代理

发布于 2024-10-17 17:18:43 字数 138 浏览 4 评论 0 原文

在将流量转发到我的后端服务器之前，尝试使用基本身份验证配置我的反向代理。任何人都可以给我一个解决方案。

示例如下：

用户（互联网）->反向代理/虚拟主机服务器（需要在此处添加基本身份验证）->后端服务器（未经身份验证）

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

谎言月老 2024-10-24 17:18:43

您可以按照此处的说明进行操作：身份验证、授权和访问控制。反向代理的主要区别在于，您需要将身份验证内容放在 Location 块内，即使文档说它们只允许在 Directory 块中：

<Location />
    AuthType Basic
    ...
</Location>

在 Location 块之外，您可以放置代理命令，例如作为：

ProxyPass / http://localhost:8080/

You can follow the instructions here: Authentication, Authorization and Access Control. The main difference for your reverse proxy is that you'll want to put the auth stuff inside a Location block, even though the docs say that they're only allowed in Directory blocks:

<Location />
    AuthType Basic
    ...
</Location>

Outside the Location block you can put your proxy commands, such as:

ProxyPass / http://localhost:8080/

回复收藏 0 原文

束缚ｍ 2024-10-24 17:18:43

首先，检查你的apache2是否有utils包

sudo apt-get install apache2-utils

然后，设置用户名和密码。

sudo htpasswd -c /etc/apache2/.htpasswd <username>

之后，编辑你的反向代理以使用身份验证

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://someaddress:1234/
    ProxyPassReverse / http://someaddress:1234/

    Timeout 5400
    ProxyTimeout 5400

    ServerName dev.mydomain.com
    ServerAlias *.dev.mydomain.com

    <Proxy *>
        Order deny,allow
        Allow from all
        Authtype Basic
        Authname "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</virtualhost>

至少，更新你的apache

sudo service apache2 reload

First, check if your apache2 has the utils package

sudo apt-get install apache2-utils

Then, set the username and password.

sudo htpasswd -c /etc/apache2/.htpasswd <username>

After that, edit your reverse proxy to use the authentication

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://someaddress:1234/
    ProxyPassReverse / http://someaddress:1234/

    Timeout 5400
    ProxyTimeout 5400

    ServerName dev.mydomain.com
    ServerAlias *.dev.mydomain.com

    <Proxy *>
        Order deny,allow
        Allow from all
        Authtype Basic
        Authname "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</virtualhost>

At least, update your apache

sudo service apache2 reload

回复收藏 0 原文

z祗昰~ 2024-10-24 17:18:43

这是我用来通过 https 对数据库完成基本身份验证的配置。我的后端服务器正在运行 Tomcat，我使用 AJP 连接到它。有趣的端口号（4443）是因为标准端口（443）已经被使用，并且我不想在同一端口上配置多个https服务。

<IfModule mod_ssl.c>
NameVirtualHost *:4443
<VirtualHost *:4443>
        ServerAdmin webmaster@localhost
        ServerName ws.myserver.se
        ServerAlias ws.myserveralias.se
        ErrorLog /var/log/apache2/ajpProxy.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel info

        CustomLog /var/log/apache2/ajpProxy.log combined

        DBDriver mysql
        DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"
        DBDMin  4
        DBDKeep 8
        DBDMax  20
        DBDExptime 300        

        <Proxy *>
              # core authentication and mod_auth_basic configuration
              # for mod_authn_dbd
              AuthType Basic
              AuthName "Backend auth name"
              AuthBasicProvider dbd

             # core authorization configuration
              Require valid-user

              # mod_authn_dbd SQL query to authenticate a user
              AuthDBDUserPWQuery \
                "SELECT password FROM user WHERE emailAddress = %s"

              AddDefaultCharset Off
              Order deny,allow
              Allow from all
        </Proxy>

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/yourCertificateFile.crt
        SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

Here's the config I have used to accomplish basic authentication over https against a database. My backend server is running Tomcat and I connect to it using AJP. The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port.

<IfModule mod_ssl.c>
NameVirtualHost *:4443
<VirtualHost *:4443>
        ServerAdmin webmaster@localhost
        ServerName ws.myserver.se
        ServerAlias ws.myserveralias.se
        ErrorLog /var/log/apache2/ajpProxy.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel info

        CustomLog /var/log/apache2/ajpProxy.log combined

        DBDriver mysql
        DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"
        DBDMin  4
        DBDKeep 8
        DBDMax  20
        DBDExptime 300        

        <Proxy *>
              # core authentication and mod_auth_basic configuration
              # for mod_authn_dbd
              AuthType Basic
              AuthName "Backend auth name"
              AuthBasicProvider dbd

             # core authorization configuration
              Require valid-user

              # mod_authn_dbd SQL query to authenticate a user
              AuthDBDUserPWQuery \
                "SELECT password FROM user WHERE emailAddress = %s"

              AddDefaultCharset Off
              Order deny,allow
              Allow from all
        </Proxy>

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/yourCertificateFile.crt
        SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

回复收藏 0 原文

~没有更多了~

关于作者

々眼睛长脚气

暂无简介

0 文章

0 评论

22 人气

关注发私信

友情链接

文江博客

具有基本身份验证功能的 Apache 反向代理

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

评论（3）

关于作者

相关话题

热门标签

推荐作者

1CH1MKgiKxn9p

ゞ记忆︶ㄣ

JackDx

信远

yaoduoduo1995

霞映澄塘

友情链接

具有基本身份验证功能的 Apache 反向代理

如果你对这篇内容有疑问，欢迎到本站社区发帖提问 参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

评论（3）

关于作者

相关话题

热门标签

推荐作者

1CH1MKgiKxn9p

ゞ记忆︶ㄣ

JackDx

信远

yaoduoduo1995

霞映澄塘

友情链接

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。