我有一個示例多容器設定,用于將 React.js ui 作為前端,將 eXist-db 資料庫服務器作為后端并通過 openid_connect 進行身份驗證。這是 GitHub 鏈接:https ://github.com/lcahlander/multi-container-nginx-react-existdb
這是 NGINX default.conf 檔案:
upstream backend {
zone backend 64k;
server backend:8080;
}
upstream client {
zone client 64k;
server client:3000;
}
# Custom log format to include the 'sub' claim in the REMOTE_USER field
log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
# The frontend server - reverse proxy with OpenID Connect authentication
#
server {
include conf.d/openid_connect.server_conf; # Authorization code flow and Relying Party processing
error_log /var/log/nginx/error.log debug; # Reduce severity level as required
listen 80;
location /exist {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://backend;
access_log /var/log/nginx/exist.log main_jwt;
}
location / {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://client;
access_log /var/log/nginx/access.log main_jwt;
}
}
問題是/_codexch正在傳遞給客戶端容器,而不是在 nginx 容器中處理。我該如何解決?
先感謝您!
uj5u.com熱心網友回復:
我找到了我的解決方案。問題是proxy_set_header Bearer $jwt_claim_sub;應該是proxy_set_header Bearer $session_jwt;
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/469068.html
標籤:nginx 开放式连接 授权0 nginx位置 存在数据库
