curl 如何配置NGINX反向代理进行身份验证?

r7xajy2e  于 2022-11-13  发布在  Nginx
关注(0)|答案(1)|浏览(468)

bounty将在5小时后过期。回答此问题可获得+50的声望奖励。Vrishank Gupta希望吸引更多人关注此问题。

我试图使用NGINX作为一个经过身份验证的直通代理(它拦截请求,检查身份验证,并重定向到原始目的地(包括HTTPS和HTTP URL))。

2022/11/04 15:42:58 [info] 6905#0: *7 no user/password was provided for basic authentication, client: 127.0.0.1, server: localhost, request: "GET http://www.google.com/ HTTP/1.1", host: "www.google.com"

2022/11/04 15:42:58 [info] 6905#0: *7 kevent() reported that client 127.0.0.1 closed keepalive connection

我使用下面的curl:

curl -x 127.0.0.1:80 -u username:password  "https://www.google.com"

下面是我的nginx.conf文件

index    index.html index.htm index.php;
 ssl_certificate /usr/local/etc/ssl/certs/self-signed.crt;
 ssl_certificate_key /usr/local/etc/ssl/private/self-signed.key;
 default_type application/octet-stream;
 log_format   main   '$remote_addr - $remote_user [$time_local]  $status '
                    '"$request" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

log_format custom1 '$remote_addr - $remote_user [$time_local] '
                                       '"$request" $status $body_bytes_sent '
                                       '"$http_referer" "$http_user_agent" '
                                       '"$http_x_forwarded_for" $request_id '
                                       '"$request_body"';
log_format custom '$request_body' ;
access_log   logs/host.access.log custom ;
sendfile     on;
spinous   on;

server_names_hash_bucket_size 128; # this seems to be required for some vhosts

server { # simple reverse-proxy
 listen       8082;
 proxy_connect;
 auth_basic           "Restricted Content";
 auth_basic_user_file /etc/apache2/.htpasswd;
 proxy_connect_allow            443 563;
 proxy_connect_connect_timeout  1220s;
 proxy_connect_read_timeout     1220s;
 proxy_connect_send_timeout     1220s;

 resolver 8.8.8.8;

 server_name  localhost;
 access_log   logs/host.access.log main;

 listen 443 SSL;
 listen [::]:443  SSL;

 ssl_session_timeout 5m;
 ssl_certificate /usr/local/etc/ssl/certs/self-signed.crt;
 ssl_certificate_key /usr/local/etc/ssl/private/self-signed.key;
 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 ssl_prefer_server_ciphers on;

 location / {
    proxy_pass $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    auth_basic           "Administrator’s Area";
    auth_basic_user_file /etc/apache2/.htpasswd;
  }
 }
}
lf5gs5x2

lf5gs5x21#

的发生
2022年11月4日15:42:58 [信息] 6905#0:*7没有为基本身份验证提供用户/密码,客户端:127.0.0.1,服务器:本地主机,请求:“GET http://www.google.com/ HTTP/1.1”,主机:“www.google.com“
应该没问题,因为第一个请求是在没有任何身份验证的情况下发出的:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
Nginx似乎遵循了这种做法:https://serverfault.com/questions/491604/nginx-auth-basic-errors-user-not-found-and-no-user-password-provided

相关问题