我应用NginX来使用LDAP验证应用程序,例如myapp1和myapp2(此处描述(。我的配置文件看起来像:
ldap_server myapp1{
url ldaps://....;
binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
binddn_passwd ...;
group_attribute member;
group_attribute_is_dn on;
max_down_retries_count 5;
satisfy any;
Require valid-user;
}
ldap_server myapp2{
url ldaps://....;
binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
binddn_passwd ...;
group_attribute member;
group_attribute_is_dn on;
max_down_retries_count 5;
satisfy any;
Require valid-user;
}
它运行良好。现在,我想取消myapp2的身份验证。换句话说,如果用户在浏览器中调用myapp2 myapp2更新:我发现 可能我必须更改url地址,则不会要求用户进行身份验证,而是直接访问url,而只访问nginx.conf还有另一个部分,即代理部分:location /myapp1/ {
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location部分的某些内容?
我终于找到了解决方案。
问题是,tere最初是nginx.conf中的一个传统部分。第二部分location /myapp/ { ....}中应整合Thses。因此来自:
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp1;
auth_ldap_servers myapp2;
#comment:
# the special part for every app
location /myapp1/ {
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
至
location /myapp1/ {
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp1;
proxy_pass http://127.0.0.1:3838/myapp1/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /myapp2/ {
auth_ldap "please log in with windows login data";
auth_ldap_servers myapp2;
proxy_pass http://127.0.0.1:3838/myapp2/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}