nginx+ldap实现统一身份认证

nginx+ldap实现统一身份认证

作者: 天草二十六_简村人 | 来源:发表于2021-10-13 16:26 被阅读0次

    一、安装

    # Pull the nginx image that ships the LDAP auth module. No tag is given, so
    # this resolves to :latest; for a reproducible, reviewable deployment pin a
    # tag or digest instead (placeholder: dweomer/nginx-auth-ldap:<TAG>).
    docker pull dweomer/nginx-auth-ldap
    

    二、配置

    配置文件.png
    • nginx.conf
    # nginx.conf: main configuration. The LDAP backend is declared once in the
    # http block and referenced by name from conf.d/default.conf.
    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        # $remote_user in this format presumably carries the account name that
        # authenticated each request, which helps when auditing access — confirm.
        access_log  /var/log/nginx/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        keepalive_timeout  65;

        #gzip  on;

        # LDAP backend; "openldap" is the name used by auth_ldap_servers in
        # conf.d/default.conf.
        ldap_server openldap {
            # URL form: scheme://host:port/base-DN?attribute?scope?filter.
            # Users are looked up by uid under the base DN (subtree scope),
            # restricted to objectClass=person. The "dc=***" parts are masked.
            # NOTE: ldap:// on 389 is an unencrypted transport, so the bind
            # password and every user's password cross the network in clear text;
            # use ldaps:// (or TLS on the directory side) where the server supports it.
            url ldap://192.168.1.22:389/dc=***,dc=com?uid?sub?(&(objectClass=person));
            # Service account used to perform the user search (masked here).
            binddn "cn=**,dc=***,dc=com";
            # Plaintext bind password (masked here). Keep this file readable only
            # by the nginx user and out of version control.
            binddn_passwd "******";
            # Group attribute settings; presumably only consulted by a group-based
            # require rule, which this config does not define — verify against
            # the module's documentation.
            group_attribute people;
            group_attribute_is_dn on;
            # Any account matched by the search filter is accepted once its
            # password binds; no group restriction is applied.
            require valid_user;
        }


        include /etc/nginx/conf.d/*.conf;
    }
    
    • conf.d/default.conf

    增加ldap认证:
    auth_ldap "Closed content";
    auth_ldap_servers openldap;
    其中 openldap 对应 nginx.conf 的 http 块中定义的 ldap_server 名称

    # conf.d/default.conf: the only change from the stock file is the auth_ldap
    # pair inside "location /".
    # NOTE: this server listens on plain HTTP. The browser prompt seen in the
    # test section sends credentials as Basic auth, which is only base64-encoded,
    # so terminate TLS here or in front of this server before exposing it beyond
    # a trusted network. The tests below reach it on host port 8085 — presumably
    # a Docker port mapping onto container port 80; confirm.
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;
        #access_log  /var/log/nginx/host.access.log  main;

        location / {
            # adding ldap authentication
            # The quoted string is the realm shown in the credential prompt;
            # auth_ldap_servers names the ldap_server block from nginx.conf.
            auth_ldap "Closed content";
            auth_ldap_servers openldap;

            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        # auth_ldap is set only in "location /", so this exact-match location
        # serves the error page without credentials.
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
    

    让配置生效

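    # Validate the configuration first and reload only when the check passes,
    # so a broken config is never signalled into the running master process.
    nginx -t && nginx -s reload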
    
    /etc/nginx # nginx -t
    2021/10/13 08:25:17 [notice] 144#144: http_auth_ldap: parse_require in /etc/nginx/nginx.conf:37
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    /etc/nginx # nginx -s reload
    2021/10/13 08:25:21 [notice] 145#145: http_auth_ldap: parse_require in /etc/nginx/nginx.conf:37
    2021/10/13 08:25:21 [notice] 145#145: signal process started
    

    三、测试

    http://localhost:8085/

    image.png

    在加上ldap认证后,再次访问http://localhost:8085/

    image.png

    只有输入 LDAP 中已有用户的正确用户名和密码，才能正常访问；否则提示未授权：


    image.png
