[英]Couchdb and proxy authentication
I have been using couchdb for a long time and we authenticate through cookies auth.我已经使用 couchdb 很长时间了,我们通过 cookies auth 进行身份验证。 Now we would like to start testing proxy authentication but I don't quite understand how it works.
现在我们想开始测试代理身份验证,但我不太明白它是如何工作的。
I already have it activated including the value "chttpd_auth, proxy_authentication_handler" in the section "chttpd / authentication_handlers:" but how do I indicate that the token x is for the user y?我已经激活了它,包括“chttpd / authentication_handlers:”部分中的值“chttpd_auth,proxy_authentication_handler”,但是我如何指示令牌 x 是给用户 y 的?
I can't understand how it works我无法理解它是如何工作的
I hope someone can help me with an example.我希望有人可以帮助我举个例子。 Thank you.
谢谢你。
In proxy_authentication
, you are doing authentication somewhere else.在
proxy_authentication
中,您正在其他地方进行身份验证。 That somewhere else is a proxy, or to be more specific a reverse proxy.其他地方是代理,或者更具体地说是反向代理。
For example, if you're just using a single user and using nginx as a proxy to couchdb
, you set the required headers before request is passed to couchdb
like:例如,如果您只使用单个用户并使用 nginx 作为
couchdb
的代理,则在将请求传递给couchdb
之前设置所需的标头,例如:
location / {
# pass to couchdb
proxy_pass http://localhost:5984;
# ... other configurations.
# authentication header
proxy_set_header X-Auth-CouchDB-UserName 'someone';
proxy_set_header X-Auth-CouchDB-Roles '_admin,staff';
proxy_set_header X-Auth-CouchDB-Token 'auth-token';
}
Couchdb will accept request with given username
and roles
. Couchdb 将接受具有给定
username
和roles
的请求。 X-Auth-CouchDB-Token
should be a hex encoded hmac
of X-Auth-CouchDB-UserName
using secret
in couch_httpd_auth
section in your configuration. X-Auth-CouchDB-Token
应该是X-Auth-CouchDB-UserName
的十六进制编码hmac
,在您的配置中使用couch_httpd_auth
部分中的secret
。 It is not required unless proxy_use_secret
is true
, which is not the case by default (although it should it should be used in production).除非
proxy_use_secret
为true
,否则不需要它,默认情况下并非如此(尽管它应该在生产中使用)。
In practice, you will need to create a proxy server that validates username
(maybe with password).在实践中,您将需要创建一个验证
username
(可能带有密码)的代理服务器。 Only after the user is valid the request will be passed to couchdb with those headers attached.只有在用户有效之后,请求才会被传递到 couchdb 并附加这些标头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.