
Nginx集成LDAP统一认证

时间:2022-10-17 20:01:40浏览次数:51  

编译安装nginx

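# Build nginx 1.18.0 from source together with the third-party nginx-auth-ldap module.
# The --add-module path used below assumes this clone is made from /root.
# NOTE(review): this builds whatever the module's default branch holds at clone time;
# check out a commit you have reviewed if the build must be reproducible.
git clone https://github.com/kvspb/nginx-auth-ldap.git
# Fetch the tarball over HTTPS rather than plain HTTP: it is compiled and installed
# as root, so it must not be modifiable in transit. nginx.org also publishes a
# detached PGP signature next to each tarball; verify it before unpacking.
wget https://nginx.org/download/nginx-1.18.0.tar.gz
yum -y install openldap-devel pcre-devel openssl-devel
tar -zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0/
# --with-http_ssl_module is added because auth_ldap relies on HTTP Basic auth, which
# sends the user's LDAP password on every request; without the SSL module nginx
# cannot terminate TLS on the protected listeners.
./configure --add-module=/root/nginx-auth-ldap --prefix=/opt/nginx --with-http_addition_module --with-http_stub_status_module --with-http_ssl_module
make install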

nginx.conf配置

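# Main nginx.conf: global tuning, the shared LDAP server definition, and the
# include that pulls in the per-site server blocks.

# Worker processes parse untrusted client traffic, so they run as an unprivileged
# account instead of root. The master process still starts as root and opens the
# listening sockets and log files.
user  nobody;
worker_processes auto;

worker_rlimit_nofile 102400;
events {
    worker_connections 10240;
    multi_accept on;
    use epoll;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # $remote_user in this format is the name supplied via HTTP Basic auth, so the
    # access log records which LDAP account made each request.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 32k;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    client_max_body_size 100m;
    # NOTE(review): a 50m in-memory body buffer per request is large; confirm it is
    # really needed, since many concurrent uploads can exhaust memory.
    client_body_buffer_size 50m;

    # LDAP directory referenced by name from auth_ldap_servers in the site configs.
    ldap_server openldap {
        # NOTE(review): the published line lost its beginning (it started at
        # "=accounts,..."), which nginx rejects. The "url" keyword is restored; the
        # host is a placeholder, the attribute before "=accounts" is assumed to be
        # "cn" (matching binddn), and any more specific RDN that preceded it is
        # unknown -- confirm against your directory.
        # The original scheme is also unknown. ldaps:// is shown so the bind password
        # and users' credentials do not cross the network in cleartext; the module
        # README documents ssl_check_cert / ssl_ca_file for validating the server
        # certificate.
        url ldaps://LDAP_HOST_PLACEHOLDER/cn=accounts,dc=o,dc=xxx,dc=com?uid?sub?(objectClass=person);
        binddn "uid=keycloakbot,cn=users,cn=accounts,dc=o,dc=xxx,dc=com";
        # Sample value. The real bind password is stored in this file in cleartext:
        # keep nginx.conf readable by root only and use a bind account that has
        # read-only search rights and nothing else.
        binddn_passwd "12345678";
        group_attribute uniquemember;
        group_attribute_is_dn on;
        # Any account that binds successfully is accepted; no group restriction is
        # applied here.
        require valid_user;
    }

    include /opt/nginx/conf/conf.d/*.conf;
}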

prometheus web增加认证示例:conf.d/prometheus.conf

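#prod prometheus
# Reverse proxy that puts LDAP-backed HTTP Basic authentication in front of the
# Prometheus web UI.
server {
    # NOTE(review): this listener is plain HTTP, so the Basic-auth header (the
    # user's LDAP password, base64-encoded) crosses the network in cleartext on
    # every request. Terminate TLS here ("listen 19090 ssl;" plus ssl_certificate /
    # ssl_certificate_key, which needs nginx built with --with-http_ssl_module) or
    # on a load balancer in front.
    listen 19090;
    server_name prom.xxx.com;

    # Not inherited by "location /" below, because that location defines its own
    # proxy_set_header directives; it only applies to locations that define none.
    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
        auth_ldap "xxx SSO";
        auth_ldap_servers openldap;
        # The upstream is reached directly by address over HTTP; restrict access to
        # that address so clients cannot bypass this proxy and its authentication.
        proxy_pass http://172.23.13.67:31269;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # Authentication is finished at this point; drop the Authorization header
        # so the user's LDAP password is not forwarded to the backend.
        proxy_set_header Authorization "";
        proxy_read_timeout 1200s;
    }
}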


From: https://blog.51cto.com/starsliao/5764170
