堆栈内存溢出
  简体   繁体   English

具有基本身份验证的Apache反向代理

[英]Apache reverse proxy with basic authentication

 原文  2011-02-16 00:21:52       apache/ authentication/ proxy/ reverse/ reverse-proxy

问题描述

Trying to configure my reverse proxy with basic authentication before forward the traffic to my back end server. 在将流量转发到我的后端服务器之前,尝试使用基本身份验证配置我的反向代理。 Can any one give me a solution. 任何人都可以给我一个解决方案。

Example here: 这里的例子:

User(internet) -> reverse proxy / vhosts server (need to add basic authentication here ) -> back end server ( non authenticated ) 用户(互联网) - >反向代理/虚拟服务器(需要在此处添加基本身份验证) - >后端服务器(未经过身份验证)

3 个解决方案

解决方案1
 69  2011-10-13 19:51:12

You can follow the instructions here: Authentication, Authorization and Access Control . 您可以按照此处的说明进行操作: 身份验证,授权访问控制 The main difference for your reverse proxy is that you'll want to put the auth stuff inside a Location block, even though the docs say that they're only allowed in Directory blocks: 反向代理的主要区别在于,您希望将auth内容放在Location块中,即使文档说它们只允许在Directory块中: 

<Location />
    AuthType Basic
    ...
</Location>

Outside the Location block you can put your proxy commands, such as: 在Location块之外,您可以放置​​代理命令,例如: 

ProxyPass / http://localhost:8080/

解决方案2
 17  2014-03-19 14:13:40

Here's the config I have used to accomplish basic authentication over https against a database. 这是我用于通过https对数据库完成基本身份验证的配置。 My backend server is running Tomcat and I connect to it using AJP. 我的后端服务器正在运行Tomcat,我使用AJP连接到它。 The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port. 有趣的端口号(4443)是因为已经使用了标准端口(443),我不想在同一端口上配置多个https服务。 

<IfModule mod_ssl.c>
NameVirtualHost *:4443
<VirtualHost *:4443>
        ServerAdmin webmaster@localhost
        ServerName ws.myserver.se
        ServerAlias ws.myserveralias.se
        ErrorLog /var/log/apache2/ajpProxy.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel info

        CustomLog /var/log/apache2/ajpProxy.log combined

        DBDriver mysql
        DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"
        DBDMin  4
        DBDKeep 8
        DBDMax  20
        DBDExptime 300        

        <Proxy *>
              # core authentication and mod_auth_basic configuration
              # for mod_authn_dbd
              AuthType Basic
              AuthName "Backend auth name"
              AuthBasicProvider dbd

             # core authorization configuration
              Require valid-user

              # mod_authn_dbd SQL query to authenticate a user
              AuthDBDUserPWQuery \
                "SELECT password FROM user WHERE emailAddress = %s"

              AddDefaultCharset Off
              Order deny,allow
              Allow from all
        </Proxy>

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/yourCertificateFile.crt
        SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

解决方案3
 11  2017-02-08 21:07:15

First, check if your apache2 has the utils package 首先,检查您的apache2是否具有utils包 

sudo apt-get install apache2-utils

Then, set the username and password. 然后,设置用户名和密码。 

sudo htpasswd -c /etc/apache2/.htpasswd <username>

After that, edit your reverse proxy to use the authentication 之后,编辑反向代理以使用身份验证 

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://someaddress:1234/
    ProxyPassReverse / http://someaddress:1234/

    Timeout 5400
    ProxyTimeout 5400

    ServerName dev.mydomain.com
    ServerAlias *.dev.mydomain.com

    <Proxy *>
        Order deny,allow
        Allow from all
        Authtype Basic
        Authname "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</virtualhost>

At least, update your apache 至少,更新你的apache 

sudo service apache2 reload

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 反向代理的Apache基本身份验证问题 - Apache basic authentication issue with reverse proxy 具有基本身份验证的Apache和Tomcat反向代理:Tomcat可以接收用户名吗? - Apache & Tomcat reverse proxy with basic authentication: Can Tomcat receive the username? Apache 2.4 反向代理设置不能强加基本身份验证 - Apache 2.4 reverse proxy setup cannot impose basic authentication Apache反向代理后端认证 - Apache reverse proxy backend authentication 代理apache的基本身份验证(httpd) - Basic authentication for proxy apache (httpd) 使用apache mod proxy删除基本身份验证标头 - Remove basic authentication header with apache mod proxy python tornado用户身份验证,然后通过apache反向代理 - python tornado user authentication and then reverse proxy via apache 使用 Apache 反向代理处理 plack/PSGI 应用程序的身份验证 - Handling authentication with Apache reverse proxy for plack/PSGI app 使用基于表单的 ldap 身份验证在 apache 反向代理上登录 CSRF 保护 - Login CSRF protection on an apache reverse proxy with form based ldap authentication 通过Apache反向代理进行Spring Boot证书身份验证 - Spring Boot certificate authentication via Apache reverse proxy
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM