当前位置: 文江博客话题详情

如何告诉nginx不要proxy_pass某些uris?

发布于 2025-01-23 13:01:54 字数 2315 浏览 0 评论 0原文

我有一个示例多容器设置,用于使react.js ui作为前端,并且存在db数据库服务器作为后端和通过openID_connect进行身份验证。这是github链接: https://github.com/github.com/github.com/lcahlander/multer-multi--multi--multi--multi--multi--multi--multi--mult-i- container-nginx-react-existDB

这是nginx default.conf文件:

upstream backend {
  zone backend 64k;
  server backend:8080;
}

upstream client {
  zone client 64k;
  server client:3000;
}

# Custom log format to include the 'sub' claim in the REMOTE_USER field
log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status '
                    '$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

# The frontend server - reverse proxy with OpenID Connect authentication
#
server {
    include conf.d/openid_connect.server_conf; # Authorization code flow and Relying Party processing
    error_log /var/log/nginx/error.log debug;  # Reduce severity level as required

    listen 80;

    location /exist {
        # This site is protected with OpenID Connect
        auth_jwt "" token=$session_jwt;
        error_page 401 = @do_oidc_flow;

        #auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
        auth_jwt_key_request /_jwks_uri; # Enable when using URL

        # Successfully authenticated users are proxied to the backend,
        # with 'sub' claim passed as HTTP header
        proxy_set_header Bearer $jwt_claim_sub;
        proxy_pass http://backend;
        
        access_log /var/log/nginx/exist.log main_jwt;
    }

    location / {
        # This site is protected with OpenID Connect
        auth_jwt "" token=$session_jwt;
        error_page 401 = @do_oidc_flow;

        #auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
        auth_jwt_key_request /_jwks_uri; # Enable when using URL

        # Successfully authenticated users are proxied to the backend,
        # with 'sub' claim passed as HTTP header
        proxy_set_header Bearer $jwt_claim_sub;
        proxy_pass http://client;
        
        access_log /var/log/nginx/access.log main_jwt;
    }
}

问题是/_ codexch正在传递给客户端容器,而不是在Nginx容器中处理。我该如何解决?

先感谢您!

原文

I have a sample multi-container setup for having React.js ui as the frontend and eXist-db database server as the backend and authentication through openid_connect. Here is the GitHub link: https://github.com/lcahlander/multi-container-nginx-react-existdb

Here is the NGINX default.conf file:

upstream backend {
  zone backend 64k;
  server backend:8080;
}

upstream client {
  zone client 64k;
  server client:3000;
}

# Custom log format to include the 'sub' claim in the REMOTE_USER field
log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status '
                    '$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

# The frontend server - reverse proxy with OpenID Connect authentication
#
server {
    include conf.d/openid_connect.server_conf; # Authorization code flow and Relying Party processing
    error_log /var/log/nginx/error.log debug;  # Reduce severity level as required

    listen 80;

    location /exist {
        # This site is protected with OpenID Connect
        auth_jwt "" token=$session_jwt;
        error_page 401 = @do_oidc_flow;

        #auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
        auth_jwt_key_request /_jwks_uri; # Enable when using URL

        # Successfully authenticated users are proxied to the backend,
        # with 'sub' claim passed as HTTP header
        proxy_set_header Bearer $jwt_claim_sub;
        proxy_pass http://backend;
        
        access_log /var/log/nginx/exist.log main_jwt;
    }

    location / {
        # This site is protected with OpenID Connect
        auth_jwt "" token=$session_jwt;
        error_page 401 = @do_oidc_flow;

        #auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
        auth_jwt_key_request /_jwks_uri; # Enable when using URL

        # Successfully authenticated users are proxied to the backend,
        # with 'sub' claim passed as HTTP header
        proxy_set_header Bearer $jwt_claim_sub;
        proxy_pass http://client;
        
        access_log /var/log/nginx/access.log main_jwt;
    }
}

The problem is that /_codexch is being passed to the client container instead of being processed in the nginx container. How do I fix that?

Thank you in advance!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

≈。彩虹 2025-01-30 13:01:54

我找到了我的解决方案。问题是proxy_set_header bearer $ jwt_claim_sub;应该是proxy_set_header bearer $ session_jwt;

I found my solution. The problem was that proxy_set_header Bearer $jwt_claim_sub; should be proxy_set_header Bearer $session_jwt;

回复 原文
~没有更多了~

关于作者

倾城月光淡如水﹏

暂无简介

文章
评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

饮湿

文章 0 评论 0

明月

文章 0 评论 0

02

文章 0 评论 0

hs1283

文章 0 评论 0

风向决定发型

文章 0 评论 0

落花浅忆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文