nginx error_page重定向固定标头
我正在尝试编写用于身份验证的NGINX配置,但是我不确定在使用302重定向时如何保留标头。
以下是如何设置服务器的示例。
location / {
#send to /auth/ for authentication
request_auth /auth/;
#upon failure, redirect to login
error_page 401 404 = @noaccess;
...
}
location @noaccess {
return 302 /login/;
}
location /auth/ {
internal;
proxy_pass http://127.0.0.1:8888/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
#The header set here is what I would like to retain
proxy_set_header X-Original-URI $request_uri;
}
location /login/ {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#by the time 302 redirect, $request_uri is no longer the original...
proxy_set_header X-Target $request_uri;
}
本质上,必须首先在/auth/位置进行身份验证服务器的所有请求。这个位置通常将拥有我在其子请求中关心的$ request_uri。但是,每当requeset_auth指令失败时,我们都会与@noaccess位置重定向,nginx向/login/login/code>>>>。 我有没有办法保留原始的$ request_uri,以便将其作为标头发送到/login/login/位置? (这是为了稍后在成功身份验证后进行重定向而需要的)。
我已经看到一些用户谈论auth_request_set 指令,但老实说,我不明白如何有效使用它以及如何重命名或可用。
I am trying to write an nginx configuration for authentication, but I am unsure of how to retain headers when using a 302 redirect.
Below is an example of how the server is setup.
location / {
#send to /auth/ for authentication
request_auth /auth/;
#upon failure, redirect to login
error_page 401 404 = @noaccess;
...
}
location @noaccess {
return 302 /login/;
}
location /auth/ {
internal;
proxy_pass http://127.0.0.1:8888/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
#The header set here is what I would like to retain
proxy_set_header X-Original-URI $request_uri;
}
location /login/ {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#by the time 302 redirect, $request_uri is no longer the original...
proxy_set_header X-Target $request_uri;
}
Essentially all requests to the server must first be authenticated in the /auth/ location. This location will generally possess the $request_uri that I care about in its sub request. However, whenever the requeset_auth directive fails, and we are redirected with the @noaccess location, nginx makes a new request to /login/.
Is there a way for me to retain the original $request_uri such that it is sent as a header to the /login/ location? (this is needed in order to do a redirect later upon successful authentication).
I've seen some users talk about the auth_request_set directive, but I honestly do not understand how to use it effectively and how the headers of the sub request are renamed or made available.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的。与饼干。
浏览器状态由cookie管理,因此您需要将带有$ request_URI的302的
set-cookie标头发送,然后将cookie转换为/登录/位置中的标题。Yes. With cookies.
Browser state is managed with cookies, so you need to be sending a
Set-Cookieheader with the 302 that has $request_uri and then convert the cookie to a header in the /login/ location.