我如何告诉 NGINX 不要 proxy_pass 某些 URI?
How do I tell NGINX to not proxy_pass certain URIs?
我有一个示例多容器设置,将 React.js ui 作为前端,将 eXist-db 数据库服务器作为后端,并通过 openid_connect 进行身份验证。这是 GitHub link: https://github.com/lcahlander/multi-container-nginx-react-existdb
这是 NGINX default.conf 文件:
upstream backend {
zone backend 64k;
server backend:8080;
}
upstream client {
zone client 64k;
server client:3000;
}
# Custom log format to include the 'sub' claim in the REMOTE_USER field
log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
# The frontend server - reverse proxy with OpenID Connect authentication
#
server {
include conf.d/openid_connect.server_conf; # Authorization code flow and Relying Party processing
error_log /var/log/nginx/error.log debug; # Reduce severity level as required
listen 80;
location /exist {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://backend;
access_log /var/log/nginx/exist.log main_jwt;
}
location / {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://client;
access_log /var/log/nginx/access.log main_jwt;
}
}
问题是 /_codexch 被传递给客户端容器,而不是在 nginx 容器中处理。我该如何解决?
提前致谢!
我找到了我的解决方案。问题是 proxy_set_header Bearer $jwt_claim_sub; 应该是 proxy_set_header Bearer $session_jwt;
我有一个示例多容器设置,将 React.js ui 作为前端,将 eXist-db 数据库服务器作为后端,并通过 openid_connect 进行身份验证。这是 GitHub link: https://github.com/lcahlander/multi-container-nginx-react-existdb
这是 NGINX default.conf 文件:
upstream backend {
zone backend 64k;
server backend:8080;
}
upstream client {
zone client 64k;
server client:3000;
}
# Custom log format to include the 'sub' claim in the REMOTE_USER field
log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
# The frontend server - reverse proxy with OpenID Connect authentication
#
server {
include conf.d/openid_connect.server_conf; # Authorization code flow and Relying Party processing
error_log /var/log/nginx/error.log debug; # Reduce severity level as required
listen 80;
location /exist {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://backend;
access_log /var/log/nginx/exist.log main_jwt;
}
location / {
# This site is protected with OpenID Connect
auth_jwt "" token=$session_jwt;
error_page 401 = @do_oidc_flow;
#auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename
auth_jwt_key_request /_jwks_uri; # Enable when using URL
# Successfully authenticated users are proxied to the backend,
# with 'sub' claim passed as HTTP header
proxy_set_header Bearer $jwt_claim_sub;
proxy_pass http://client;
access_log /var/log/nginx/access.log main_jwt;
}
}
问题是 /_codexch 被传递给客户端容器,而不是在 nginx 容器中处理。我该如何解决?
提前致谢!
我找到了我的解决方案。问题是 proxy_set_header Bearer $jwt_claim_sub; 应该是 proxy_set_header Bearer $session_jwt;