美文网首页
jenkins前配置nginx的auth_basic模块的配置

jenkins前配置nginx的auth_basic模块的配置

作者: 夜清溟 | 来源:发表于2023-04-12 16:22 被阅读0次

    正常配置nginx的auth_basic模块,但是访问的时候填写完认证账号和密码之后无限提示要求认证,查到相关问题解决方法:

    Found the solution to my issue by searching for Nginx used as a reverse proxy for any other application with basic_auth.
    
    Solution was the answer found here: [https://serverfault.com/questions/511846/basic-auth-for-a-tomcat-app-jira-with-nginx-as-reverse-proxy](https://serverfault.com/questions/511846/basic-auth-for-a-tomcat-app-jira-with-nginx-as-reverse-proxy)
    
    The line I was missing from my nginx configuration was:
    
     # Don't forward auth to Tomcat
     proxy_set_header   Authorization "";
    
    
    By default, it appears that after basic auth Nginx will additionally forward
    the auth headers to Jenkins and this is what was leading to my issue.
    Jenkins receives the forwarded auth headers and then thinks it needs to
    authorize itself too?!
    
    If we set our reverse proxy to not forward any authorization headers as
    shown above then everything works as it should. Nginx will prompt
    basic_auth and after successful auth we explicitly clear (reset?) the auth
    headers when forwarding to our reverse proxy.
    

    相关问题链接如下:
    https://stackoverflow.com/questions/35563508/jenkins-nginx-double-prompted-for-basic-auth-why-why-is-there-an-internal-je

    正确的配置,需要在header里设置 Authorization为空,即:

    proxy_set_header Authorization "";

    upstream jenkins_server {
            server 127.0.0.1:8081;
    }
    
    server {
        listen 80;
        listen 443 ;
        server_name jenkins.abc.com;
        charset utf-8;
        access_log logs/access_jenkins.log main;
    
        auth_basic "Protect Jenkins";
        auth_basic_user_file /usr/local/nginx/jenkins_passwd.db;
    
        ssl_certificate   cert/abc.com.pem;
        ssl_certificate_key  cert/abc.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
    
        allow   1.2.3.432;
        allow   1.2.3.5/32;
        deny    all;
    
        gzip                       on;
        gzip_comp_level            6;
        gzip_min_length            1k;
        gzip_types                 text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    
        if ($scheme = http) {
             return  301 https://$host$request_uri;
        }
    
       location @jenkins {        
        sendfile off;
        proxy_pass         http://jenkins_server;
        proxy_redirect     off;    
      
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;  
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        client_max_body_size       10m; 
        client_body_buffer_size    128k;
      
        # Don't forward auth to Tomcat
        proxy_set_header   Authorization "";
        proxy_connect_timeout      90;  
        proxy_send_timeout         90;  
        proxy_read_timeout         90;  
    
        proxy_buffer_size          4k;  
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k; 
        proxy_temp_file_write_size 64k; 
        }
    
        location / {
            root /home/jenkins/jenkins_home/war/;        
            try_files $uri @jenkins;        
        }
    }
    

    相关文章

      网友评论

          本文标题:jenkins前配置nginx的auth_basic模块的配置

          本文链接:https://www.haomeiwen.com/subject/coloddtx.html