FIWARE - PEP Proxy configured to HTTPS

I would like to know how I configure the PEP Proxy so that I can exchange messages through HTTPS. I have an instance of Orion context broker that is accessed only after passing through the PEP Proxy. My PEP Proxy (Wilma) configuration file (config.js) has the following:

config.https = {
   enabled: true,
   cert_file: 'cert/idm.crt',
   key_file: 'cert/idm.key',
   port: 443
};

config.account_host = 'https://localhost:8000';   //account.lab.fiware.org';
config.keystone_host = 'localhost'; //'cloud.lab.fiware.org';
config.keystone_port = 5000; //4731;

config.app_host = 'https://orion'; //'localhost';
config.app_port = ''; //Nginx is configured to redirect to port 1026
// Use true if the app server listens in https
config.app_ssl = true;

config.username = 'pep_proxy_credential_obtained_at_portal';
config.password = 'password_obtained_at_portal';

I also have HTTPS to HTTP (Nginx configured as reverse proxy) so that my requests directly sent to Orion are secure. The HTTPS is working only without the PEP Proxy flow. When I insert the authorization/authentication flow, I am facing problems, because the PEP Proxy does not handle the SSL certificate. Here is the Nginx configuration:

location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass          http://orion:1026;
    proxy_read_timeout  90;
    proxy_redirect      http://orion:1026 https://orion;
}

I want to integrate what I have in a way that I can communicate with Orion only by HTTPS, including the PEP Proxy flow. I've searched but I did not find anything useful related to HTTPS configuration in PEP Proxy.

EDIT: There is an error when the PEP Proxy redirects to the application:

2017-01-17 20:52:55.544  - INFO: Server - Success authenticating PEP proxy. 
Proxy Auth-token:  d7ec08edd87d43418edfd558df26f427
2017-01-17 20:53:49.450  - INFO: IDM-Client - Checking token with IDM...
2017-01-17 20:53:49.508  - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "accept-encoding"
Refused to set unsafe header "content-length"

The error presented by the application is:

('Connection aborted.', BadStatusLine('HTTP/1.1 0 unknown\r\n',))

The problem was the https in the configuration:

config.app_host = 'https://orion';

I had to debug to find this. The PEP Proxy Wilma adds the protocol (http or https) to the application host configured. The correct way is to configure without the protocol:

config.app_host = 'orion';

Maybe this observation can be added to Wilma documentation in order to avoid errors like mine.
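The behaviour described in the answer above, as an added example that is not part of the original post or of Wilma's code: `buildUpstreamUrl` models the scheme-prepending the answer reports (an assumption about how the URL is assembled), and the hypothetical `checkAppHost` flags an `app_host` that would send requests to the wrong host.

```javascript
// Added example; not Wilma's own code. Assumption taken from the answer:
// the proxy prepends "http://" or "https://" (chosen by app_ssl) to app_host.
function buildUpstreamUrl(cfg) {
  const scheme = cfg.app_ssl ? 'https' : 'http';
  const port = cfg.app_port ? ':' + cfg.app_port : '';
  return scheme + '://' + cfg.app_host + port;
}

// Hypothetical pre-flight check: returns a list of problems (empty = OK).
function checkAppHost(cfg) {
  const host = String(cfg.app_host || '');
  if (host === '') {
    return ['app_host is empty'];
  }
  const problems = [];
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(host)) {
    problems.push('app_host includes a scheme; select http/https with app_ssl');
  } else if (/[\/?#@]/.test(host)) {
    problems.push('app_host must be a bare host name, without path or userinfo');
  }
  let parsed;
  try {
    parsed = new URL(buildUpstreamUrl(cfg));
  } catch (err) {
    problems.push('upstream URL does not parse: ' + err.message);
    return problems;
  }
  // A doubled scheme still parses, but the host part is no longer the app.
  if (parsed.hostname !== host.toLowerCase()) {
    problems.push('requests would go to host "' + parsed.hostname +
                  '" instead of "' + host + '"');
  }
  return problems;
}

// The two settings from this page (other config keys omitted).
const questionConfig = { app_host: 'https://orion', app_port: '', app_ssl: true };
const fixedConfig = { app_host: 'orion', app_port: '', app_ssl: true };

for (const cfg of [questionConfig, fixedConfig]) {
  const problems = checkAppHost(cfg);
  console.log(buildUpstreamUrl(cfg), problems.length ? problems : 'OK');
}
```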

You can configure PEP Proxy to listen in HTTPS using the parameter "https" in the config file

https://github.com/ging/fiware-pep-proxy/blob/master/config.js.template#L7
