Kibana behind a tengine (nginx) reverse proxy with OpenLDAP authentication

First, install and set up tengine.

1. Install the dependencies.

<code># yum -y install openldap-devel
# yum install pcre pcre-devel -y
# yum -y install openssl openssl-devel
# yum groupinstall "Development Tools" -y</code>

2. Download the nginx-auth-ldap module.

<code># yum -y install git
# cd /soft/
# git clone https://github.com/kvspb/nginx-auth-ldap.git</code>

3. Download the tengine tarball and install it.

<code># cd /soft
# wget http://tengine.taobao.org/download/tengine-2.2.2.tar.gz
# tar zxvf tengine-2.2.2.tar.gz
# cd tengine-2.2.2
# ./configure --prefix=/soft/tengine --with-threads --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-http_addition_module --with-http_v2_module
# make && make install</code>

4. Add the nginx LDAP module.

<code># cd /soft/tengine/sbin
# ./dso_tool --add-module=/soft/nginx-auth-ldap</code>

5. Load the LDAP module in nginx and configure it.

<code># cat nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
# Load the module built by dso_tool in step 4
dso {
    load ngx_http_auth_ldap_module.so;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format elk_nobody 'nginx-$http_host [$time_iso8601] $remote_addr $remote_user $scheme $uri $request_method "$query_string" body $body_bytes_sent $status $http_x_real_ip $http_x_forwarded_for $upstream_addr $upstream_status $http_trace_id $http_span_id $request_time $upstream_response_time $http_referer $http_user_agent';
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 8023;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    # LDAP server definition, referenced by auth_ldap_servers below
    ldap_server wanyan-ldap {
        # Search base, attribute (cn), scope (sub) and filter used to look up the user
        url ldap://xx.xx.xx.xx:389/DC=xiaoma,DC=cn?cn?sub?(objectClass=inetorgperson);
        binddn "cn=admin,dc=wanyan,dc=cn";
        # The bind password is stored in cleartext: keep this file readable by root only
        binddn_passwd "xxxxxx";
        group_attribute uniqueMember;
        group_attribute_is_dn on;
        require valid_user;
    }
    # Kibana front end: every request must pass LDAP authentication.
    # Plain HTTP on port 80 and ldap:// on port 389 carry the credentials unencrypted.
    server {
        listen 80;
        server_name localhost;
        access_log /var/log/nginx/access.log elk_nobody;
        error_log /var/log/nginx/error.log;
        location / {
            stub_status on;
            auth_ldap_servers wanyan-ldap;
            # Realm string shown in the Basic-auth prompt
            auth_ldap "Forbidden";
            proxy_pass http://10.88.0.250:5601;
        }
    }
}</code>
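
The access log written with the `elk_nobody` format above can be used to spot password guessing against the LDAP-protected Kibana proxy. The following is an added example, not part of the original article: the function name, threshold, host name and sample lines are constructed for illustration, and it assumes nginx logs the supplied Basic-auth username in `$remote_user` even when the request is rejected with 401.

```python
import re
from collections import defaultdict

# Leading fields of the page's elk_nobody log_format, up to and including $status.
LINE_RE = re.compile(
    r'^nginx-(?P<host>\S*) \[(?P<time>[^\]]+)\] (?P<addr>\S+) (?P<user>\S+) '
    r'(?P<scheme>\S+) (?P<uri>\S+) (?P<method>\S+) "(?P<query>[^"]*)" '
    r'body (?P<bytes>\d+) (?P<status>\d{3}) '
)

def failed_logins(lines, threshold=3):
    """Return ({remote_addr: usernames tried}, unparsed_count) for sources with
    at least `threshold` rejected logins."""
    tried = defaultdict(list)
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1  # wrong format or a field containing spaces
            continue
        # Assumption: a 401 with "-" as user is only the initial Basic-auth
        # challenge; a 401 with a username means credentials were rejected.
        if m["status"] == "401" and m["user"] != "-":
            tried[m["addr"]].append(m["user"])
    flagged = {a: sorted(set(u)) for a, u in tried.items() if len(u) >= threshold}
    return flagged, unparsed

# Constructed sample lines (documentation addresses, hypothetical host name).
DENIED = "- - - - - - 0.003 - - curl/7.61.1"
PASSED = "- - 10.88.0.250:5601 200 - - 0.012 0.011 - curl/7.61.1"

def _line(addr, user, status, tail):
    return (f"nginx-kibana.example.test [2024-01-01T10:00:00+08:00] {addr} {user} "
            f'http /app/kibana GET "-" body 195 {status} {tail}')

SAMPLE = [
    _line("192.0.2.10", "-", 401, DENIED),      # browser's first request
    _line("192.0.2.10", "alice", 200, PASSED),  # successful LDAP bind
    _line("198.51.100.7", "admin", 401, DENIED),
    _line("198.51.100.7", "root", 401, DENIED),
    _line("198.51.100.7", "admin", 401, DENIED),
    "not an elk_nobody line",
]

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```

Lines that do not match the format are counted rather than silently dropped, so a change to `log_format` shows up as a rising unparsed count instead of as missing alerts.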

