[英]Apache reverse proxy with basic authentication
Trying to configure my reverse proxy with basic authentication before forward the traffic to my back end server. 在将流量转发到我的后端服务器之前,尝试使用基本身份验证配置我的反向代理。 Can any one give me a solution.
任何人都可以给我一个解决方案。
Example here: 这里的例子:
User(internet) -> reverse proxy / vhosts server (need to add basic authentication here ) -> back end server ( non authenticated ) 用户(互联网) - >反向代理/虚拟服务器(需要在此处添加基本身份验证) - >后端服务器(未经过身份验证)
You can follow the instructions here: Authentication, Authorization and Access Control . 您可以按照此处的说明进行操作: 身份验证,授权和访问控制 。 The main difference for your reverse proxy is that you'll want to put the auth stuff inside a Location block, even though the docs say that they're only allowed in Directory blocks:
反向代理的主要区别在于,您希望将auth内容放在Location块中,即使文档说它们只允许在Directory块中:
<Location />
AuthType Basic
...
</Location>
Outside the Location block you can put your proxy commands, such as: 在Location块之外,您可以放置代理命令,例如:
ProxyPass / http://localhost:8080/
Here's the config I have used to accomplish basic authentication over https against a database. 这是我用于通过https对数据库完成基本身份验证的配置。 My backend server is running Tomcat and I connect to it using AJP.
我的后端服务器正在运行Tomcat,我使用AJP连接到它。 The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port.
有趣的端口号(4443)是因为已经使用了标准端口(443),我不想在同一端口上配置多个https服务。
<IfModule mod_ssl.c>
NameVirtualHost *:4443
<VirtualHost *:4443>
ServerAdmin webmaster@localhost
ServerName ws.myserver.se
ServerAlias ws.myserveralias.se
ErrorLog /var/log/apache2/ajpProxy.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel info
CustomLog /var/log/apache2/ajpProxy.log combined
DBDriver mysql
DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"
DBDMin 4
DBDKeep 8
DBDMax 20
DBDExptime 300
<Proxy *>
# core authentication and mod_auth_basic configuration
# for mod_authn_dbd
AuthType Basic
AuthName "Backend auth name"
AuthBasicProvider dbd
# core authorization configuration
Require valid-user
# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery \
"SELECT password FROM user WHERE emailAddress = %s"
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/yourCertificateFile.crt
SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
First, check if your apache2 has the utils package 首先,检查您的apache2是否具有utils包
sudo apt-get install apache2-utils
Then, set the username and password. 然后,设置用户名和密码。
sudo htpasswd -c /etc/apache2/.htpasswd <username>
After that, edit your reverse proxy to use the authentication 之后,编辑反向代理以使用身份验证
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://someaddress:1234/
ProxyPassReverse / http://someaddress:1234/
Timeout 5400
ProxyTimeout 5400
ServerName dev.mydomain.com
ServerAlias *.dev.mydomain.com
<Proxy *>
Order deny,allow
Allow from all
Authtype Basic
Authname "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Proxy>
</virtualhost>
At least, update your apache 至少,更新你的apache
sudo service apache2 reload
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.