User interface Hashicorp Vault UI-在';诚信';属性资源已被阻止
我在一个私有子网中托管Vault和Concur服务器,在这个私有子网中,我有一个专用实例用作反向代理服务器,比如说该实例被称为(私有子网代理) 为了能够从公共中使用Consor和Vault的UI,我专门使用了一个公共实例作为从公共网络到专用子网的反向代理 Concur的UI与我使用的方法配合得很好(详见私有子网代理.conf和公共子网代理.conf ).但是,当我尝试调用Vault时,它的UI给了我一个奇怪的错误 有没有其他人有过这个问题,可以帮我解决?如有任何意见或建议,我将不胜感激 专用子网代理.confUser interface Hashicorp Vault UI-在';诚信';属性资源已被阻止,user-interface,nginx,reverse-proxy,hashicorp-vault,User Interface,Nginx,Reverse Proxy,Hashicorp Vault,我在一个私有子网中托管Vault和Concur服务器,在这个私有子网中,我有一个专用实例用作反向代理服务器,比如说该实例被称为(私有子网代理) 为了能够从公共中使用Consor和Vault的UI,我专门使用了一个公共实例作为从公共网络到专用子网的反向代理 Concur的UI与我使用的方法配合得很好(详见私有子网代理.conf和公共子网代理.conf ).但是,当我尝试调用Vault时,它的UI给了我一个奇怪的错误 有没有其他人有过这个问题,可以帮我解决?如有任何意见或建议,我将不胜感激 专用子
server {
listen 80;
listen [::]:80;
upstream vault {
server vault_instance:8200;
}
location /vault/ui/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
resolver 127.0.0.1;
allow "127.0.0.1";
allow "10.10.1.12";
deny all;
proxy_pass http://vault/ui/;
proxy_set_header Accept-Encoding "";
sub_filter_types text/css text/http;
sub_filter_once off;
sub_filter /v1/ /vault_v1/;
sub_filter /ui/ /vault/ui/;
sub_filter "rel=\"stylesheet\"" "";
}
location /vault_v1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://vault/v1/;
sub_filter_types text/css text/http;
sub_filter_once off;
sub_filter /v1/ /vault_v1/;
sub_filter /ui/ /vault/ui/;
sub_filter "rel=\"stylesheet\"" "";
}
}
server {
error_page 497 https://$host:$server_port$request_uri;
auth_basic "Administrator's Area";
auth_basic_user_file /etc/apache2/.htpasswd;
listen 443 default_server ssl;
server_name example.com www.example.com;
location /vault/ {
proxy_pass http://private_subnet_proxy/vault/ui/;
}
location /vault_v1/ {
proxy_pass http://private_subnet_proxy/vault_v1/;
}
}
公共子网代理.conf
server {
listen 80;
listen [::]:80;
upstream vault {
server vault_instance:8200;
}
location /vault/ui/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
resolver 127.0.0.1;
allow "127.0.0.1";
allow "10.10.1.12";
deny all;
proxy_pass http://vault/ui/;
proxy_set_header Accept-Encoding "";
sub_filter_types text/css text/http;
sub_filter_once off;
sub_filter /v1/ /vault_v1/;
sub_filter /ui/ /vault/ui/;
sub_filter "rel=\"stylesheet\"" "";
}
location /vault_v1/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://vault/v1/;
sub_filter_types text/css text/http;
sub_filter_once off;
sub_filter /v1/ /vault_v1/;
sub_filter /ui/ /vault/ui/;
sub_filter "rel=\"stylesheet\"" "";
}
}
server {
error_page 497 https://$host:$server_port$request_uri;
auth_basic "Administrator's Area";
auth_basic_user_file /etc/apache2/.htpasswd;
listen 443 default_server ssl;
server_name example.com www.example.com;
location /vault/ {
proxy_pass http://private_subnet_proxy/vault/ui/;
}
location /vault_v1/ {
proxy_pass http://private_subnet_proxy/vault_v1/;
}
}
github repo中包含的步骤帮助我在nginx反向代理后面设置Vault UI