nginx位置和Django身份验证
我正在尝试基于querystring中的URL参数创建NGINX重定向。基本上有:nginx位置和Django身份验证,django,nginx,nginx-location,Django,Nginx,Nginx Location,我正在尝试基于querystring中的URL参数创建NGINX重定向。基本上有: http://localhost/redirect/?url=https://www.google.it/search?dcr=0&source=hp&q=django&oq=django 及 现在,只有Django身份验证用户(JWT/Cookie)可以使用/redirect?url=端点,因此可以在不向整个世界打开代理的情况下实现会话/Cookie检查吗 无论如何,我可以在Djang
http://localhost/redirect/?url=https://www.google.it/search?dcr=0&source=hp&q=django&oq=django
及
现在,只有Django身份验证用户(JWT/Cookie)可以使用/redirect?url=
端点,因此可以在不向整个世界打开代理的情况下实现会话/Cookie检查吗
无论如何,我可以在Django级别()上完成,但我认为在NGINX级别上它更快,计算成本更低
谢谢
D重定向和代理是不同的事情,要获得django代理功能,您需要使用nginx反向代理选项,而不是重定向
# django-proxy code fragment
response = requests.request(request.method, url, **requests_args)
proxy_response = HttpResponse(
response.content,
status=response.status_code)
反向代理和身份验证的Nginx配置
server {
listen 80;
server_name youtdomain.com;
location / {
# use django for authenticating request
auth_request /django-app/;
# a proxy to otherdomain
proxy_pass http://otherdomain.com;
proxy_set_header Host otherdomain.com;
}
location /django-app/{
internal; # protect from public access
proxy_pass http://django-app;
}
}
Django应用程序应该为经过身份验证的用户返回
200
状态代码401
否则,您可以阅读有关身份验证请求的更多详细信息重定向和代理是不同的事情,要获得Django代理功能,您需要使用nginx反向代理选项,而不是重定向
# django-proxy code fragment
response = requests.request(request.method, url, **requests_args)
proxy_response = HttpResponse(
response.content,
status=response.status_code)
反向代理和身份验证的Nginx配置
server {
listen 80;
server_name youtdomain.com;
location / {
# use django for authenticating request
auth_request /django-app/;
# a proxy to otherdomain
proxy_pass http://otherdomain.com;
proxy_set_header Host otherdomain.com;
}
location /django-app/{
internal; # protect from public access
proxy_pass http://django-app;
}
}
Django应用程序应该返回身份验证用户的
200
状态代码401
,否则,您可以根据前面的答案阅读有关身份验证请求的更多详细信息(谢谢!)。这是解决方案:
http {
upstream app_api {
# server 172.69.0.10:8000;
server api:8000;
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
# server unix:/var/www/gmb/run/gunicorn.sock fail_timeout=0;
}
server {
location = /auth {
proxy_pass http://app_api/api-auth/login/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location /redirect/ {
auth_request /auth;
proxy_cache STATIC;
# cache status code 200 responses for 10 minutes
proxy_cache_valid 200 1d;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
# use the cache if there's a error on app server or it's updating from another request
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# don't let two requests try to populate the cache at the same time
proxy_cache_lock on;
# Strip out query param "timestamp"
if ($args ~ (.*)×tamp=[^&]*(.*)) {
set $args $1$2;
}
return 302 $arg_url$args;
}
根据前面的答案(谢谢!),这是解决方案:
http {
upstream app_api {
# server 172.69.0.10:8000;
server api:8000;
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
# server unix:/var/www/gmb/run/gunicorn.sock fail_timeout=0;
}
server {
location = /auth {
proxy_pass http://app_api/api-auth/login/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location /redirect/ {
auth_request /auth;
proxy_cache STATIC;
# cache status code 200 responses for 10 minutes
proxy_cache_valid 200 1d;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
# use the cache if there's a error on app server or it's updating from another request
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# don't let two requests try to populate the cache at the same time
proxy_cache_lock on;
# Strip out query param "timestamp"
if ($args ~ (.*)×tamp=[^&]*(.*)) {
set $args $1$2;
}
return 302 $arg_url$args;
}
您的查询有点不清楚,因此您希望
/redirect
仅对经过身份验证的用户可用?是的,我将对其进行修改。我认为您可以使用身份验证请求来实现此目的。看到这一点,您的查询有点不清楚,所以您希望/redirect
仅对经过身份验证的用户可用?是的,我将对其进行修改。我认为您可以使用身份验证请求来执行此操作。看到这一点,基本上从网站上看,只有使用Django Rest Framework(DRF)的经过身份验证的用户才应该使用NGINX location/redirect/?url=但不使用NGINX反向代理,否则我可以创建一个DRF端点。答案是‘auth_request’。请注意,您提到的django proxy
不是重定向,而是下载内容并传递给客户端。它的行为类似于nginx reverse proxy,基本上是从网站上通过身份验证的用户使用django Rest Framework(DRF)应该使用NGINX location/redirect/?url=但不使用NGINX反向代理,否则我可以创建DRF端点。答案是‘auth_request’。请注意,您提到的django proxy
不是重定向,而是下载内容并传递给客户端,其行为类似于nginx反向代理