禁止NGINX中应用程序的LDAP身份验证
我应用NginX使用LDAP()对实例myapp1和myapp2的应用程序进行身份验证。我的配置文件如下所示:禁止NGINX中应用程序的LDAP身份验证,nginx,ldap,nginx-reverse-proxy,nginx-config,Nginx,Ldap,Nginx Reverse Proxy,Nginx Config,我应用NginX使用LDAP()对实例myapp1和myapp2的应用程序进行身份验证。我的配置文件如下所示: ldap_server myapp1{ url ldaps://....; binddn "CN=user,OU=t accounts,DC=dom,DC=uk"; binddn_passwd ...; group_attribute member; group_attribute_is_dn on; max_down
ldap_server myapp1{
url ldaps://....;
binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
binddn_passwd ...;
group_attribute member;
group_attribute_is_dn on;
max_down_retries_count 5;
satisfy any;
Require valid-user;
}
ldap_server myapp2{
url ldaps://....;
binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
binddn_passwd ...;
group_attribute member;
group_attribute_is_dn on;
max_down_retries_count 5;
satisfy any;
Require valid-user;
}
它工作得很好。现在,我想取消对myapp2的身份验证。换句话说,如果用户在浏览器中调用myapp2的url
address,用户将不会被要求进行身份验证,而是直接访问url,而只访问myapp2。这可能吗
更新:我发现,nginx.conf
还有另一部分,即代理部分:
location /myapp1/ {
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
可能我必须更改
位置
部分?我终于找到了解决方案
问题是,tere在开始时是nginx.conf
中的一个传统部分。这些应该集成在第二部分location/myapp/{..}
。因此,来自:
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp1;
auth_ldap_servers myapp2;
#comment:
# the special part for every app
location /myapp1/ {
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
到
尝试删除
auth_ldap_服务器myapp2代码>来自位置/myapp2/
。
location /myapp1/ {
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}