禁止NGINX中应用程序的LDAP身份验证_Nginx_Ldap_Nginx Reverse Proxy_Nginx Config

禁止NGINX中应用程序的LDAP身份验证

nginx ldap

禁止NGINX中应用程序的LDAP身份验证,nginx,ldap,nginx-reverse-proxy,nginx-config,Nginx,Ldap,Nginx Reverse Proxy,Nginx Config,我应用NginX使用LDAP（）对实例myapp1和myapp2的应用程序进行身份验证。我的配置文件如下所示： ldap_server myapp1{ url ldaps://....; binddn "CN=user,OU=t accounts,DC=dom,DC=uk"; binddn_passwd ...; group_attribute member; group_attribute_is_dn on; max_down

我应用NginX使用LDAP（）对实例myapp1和myapp2的应用程序进行身份验证。我的配置文件如下所示：

ldap_server myapp1{
    url ldaps://....;
    binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
    binddn_passwd ...;
    group_attribute member;
    group_attribute_is_dn on;
    max_down_retries_count 5;
    satisfy any;
    Require valid-user;
}
ldap_server myapp2{
    url ldaps://....;
    binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
    binddn_passwd ...;
    group_attribute member;
    group_attribute_is_dn on;
    max_down_retries_count 5;
    satisfy any;
    Require valid-user;
}

它工作得很好。现在，我想取消对myapp2的身份验证。换句话说，如果用户在浏览器中调用myapp2的

url

address，用户将不会被要求进行身份验证，而是直接访问url，而只访问myapp2。这可能吗

更新：我发现，

nginx.conf

还有另一部分，即代理部分：

    location /myapp1/ {
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

可能我必须更改

位置

部分？

我终于找到了解决方案

问题是，tere在开始时是

nginx.conf

中的一个传统部分。这些应该集成在第二部分

location/myapp/{..}

。因此，来自：

   auth_ldap "please log in with windows login data";
   auth_ldap_servers myapp1;
   auth_ldap_servers myapp2;
#comment:
# the special part for every app
    location /myapp1/ {
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

到

尝试删除

auth_ldap_服务器myapp2来自位置/myapp2/。
    location /myapp1/ {
      auth_ldap "please log in with windows login data";
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap "please log in with windows login data";
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }