kibana通過tengine(nginx)實現反向代理openldap認證

首先是tengine安裝設置

1、安裝依賴。

<code>#yum -y install openldap-devel
#yum install pcre pcre-devel -y
#yum -y install openssl openssl-devel
#yum groupinstall "Development Tools" -y/<code>

2、下載nginx-auth-ldap模塊。

<code>#yum -y install git
#cd /soft/
#git clone https://github.com/kvspb/nginx-auth-ldap.git/<code>

3、下載/安裝tengine壓縮包。

<code>#cd /soft
#wget http://tengine.taobao.org/download/tengine-2.2.2.tar.gz
#tar zxvf tengine-2.2.2.tar.gz
# cd   tengine-2.2.2
#./configure --prefix=/soft/tengine    --with-threads --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-http_addition_module --with-http_v2_module
#make  && make install/<code>

4、引入nginx ldap模塊。

<code>#cd /soft/tengine/sbin
#./dso_tool --add-module=/soft/nginx-auth-ldap/<code>

5、nginx引入ldap模塊及其相關配置

<code>#cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
dso {
  load ngx_http_auth_ldap_module.so;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format elk_nobody 'nginx-$http_host [$time_iso8601] $remote_addr $remote_user $scheme $uri $request_method "$query_string" body $body_bytes_sent $status $http_x_real_ip $http_x_forwarded_for $upstream_addr $upstream_status $http_trace_id $http_span_id $request_time $upstream_response_time $http_referer $http_user_agent';
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8023;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    ldap_server wanyan-ldap {
    \turl ldap://xx.xx.xx.xx:389/DC=xiaoma,DC=cn?cn?sub?(objectClass=inetorgperson);
    \tbinddn "cn=admin,dc=wanyan,dc=cn";
    \tbinddn_passwd "xxxxxx";
    \tgroup_attribute uniqueMember;
    \tgroup_attribute_is_dn on;
    \trequire valid_user;
    }
    server {
        listen       80;
        server_name  localhost;
        access_log /var/log/nginx/access.log elk_nobody;
        error_log  /var/log/nginx/error.log;
        location / {
                stub_status on;
                auth_ldap_servers wanyan-ldap;
\t\tauth_ldap "Forbidden";
                proxy_pass http://10.88.0.250:5601;
        }
}
}/<code>

閱讀更多 ethnicity 的文章

關鍵字: Scheme OpenSSL HTML