Bug when using the nginx auth_basic_user_file module #6685
Labels
triage/duplicate
Indicates an issue is a duplicate of other open issue.
Comments
Same issue: #5408 /triage duplicate |
f2c-ci-robot bot added the triage/duplicate label Sep 23, 2024
I suggest first trying to remove the following line: proxy_set_header Authorization $http_authorization; |
I tried deleting it; that does not work either. |
Try adding the following configuration:

server {
    server_name halo;
    location / {
        set $auth_basic_enabled "Require Auth";
        if ($http_authorization ~* "Bearer") {
            # Disable Basic Auth for Halo PAT
            set $auth_basic_enabled "off";
        }
        auth_basic $auth_basic_enabled;
        auth_basic_user_file /etc/nginx/conf.d/htpasswd;
        proxy_set_header Host $host;
        if ($http_authorization ~* "Basic") {
            # Don't pass Basic Authentication here.
            set $http_authorization "";
        }
        proxy_set_header Authorization $http_authorization;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://host.docker.internal:8090/;
    }
}

In my actual testing it can be accessed normally, and it does not affect Halo's personal access tokens. The test results are as follows:

http http://localhost:8080 Authorization:"Bearer pat_xxx"
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Mon, 23 Sep 2024 15:23:29 GMT
Expires: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.27.1
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0

http http://localhost:8080
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Length: 179
Content-Type: text/html
Date: Mon, 23 Sep 2024 15:21:45 GMT
Server: nginx/1.27.1
WWW-Authenticate: Basic realm="Require Auth"
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.27.1</center>
</body>
</html>

http -a admin:openadmin http://localhost:8080 -pHh
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46b3BlbmFkbWlu
Connection: keep-alive
Host: localhost:8080
User-Agent: HTTPie/3.2.3
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Language: en-CN
Content-Type: text/html
Date: Mon, 23 Sep 2024 15:26:19 GMT
Expires: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.27.1
Transfer-Encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
content-encoding: gzip
set-cookie: XSRF-TOKEN=43950cf6-4cdc-43a0-8dbb-9b87a73feac9; Path=/ |
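After modifying the configuration, the problem is solved. |
In Halo 2.20 (to be released soon) we will disable Basic authentication by default. At that point the extra configuration can be removed. |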
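The routing from the configuration posted in the thread above, expressed with `map` blocks instead of `if` inside `location` and with the scheme matched at the start of the header, as an added example (not configuration from the thread or from the Halo project). The variable names `$auth_basic_realm` and `$upstream_authorization` are assumptions; the htpasswd path and upstream address are the ones posted above.

```nginx
# Added example. The map blocks belong in the http context, for instance at
# the top of a file included from /etc/nginx/conf.d/.

# Realm for auth_basic: the special value "off" disables Basic auth for
# requests whose Authorization header starts with the Bearer scheme (Halo PAT).
map $http_authorization $auth_basic_realm {
    default        "Require Auth";
    "~*^Bearer "   off;
}

# Authorization value forwarded to Halo: credentials that start with the
# Basic scheme are meant for nginx only and are replaced by an empty string.
map $http_authorization $upstream_authorization {
    default        $http_authorization;
    "~*^Basic "    "";
}

server {
    server_name halo;

    location / {
        auth_basic           $auth_basic_realm;
        auth_basic_user_file /etc/nginx/conf.d/htpasswd;

        proxy_set_header Host              $host;
        # proxy_set_header does not pass a header whose value is empty,
        # so Halo never sees the nginx Basic credentials.
        proxy_set_header Authorization     $upstream_authorization;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://host.docker.internal:8090/;
    }
}
```

Requests carrying a Bearer header skip nginx Basic authentication and are checked only by Halo, which is the behaviour the first test output above shows.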
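System information
External link: not public for now (please contact me if it is needed for collaboration)
Start time: 2024/9/20 12:33
Version: 2.19.0
Database: mysql 8.0/H2
Operating system: Ubuntu 20.04.6 LTS / CentOS Linux release 7.6.1810 (Core)
nginx: nginx/1.18.0 (Ubuntu) / nginx/1.20.1 Centos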
apache2-utils :2.4.41-4ubuntu3.21 / httpd-tools-2.4.6-99.el7.centos.1.x86_64
Which method is used to run it?
Docker
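What happened?
Test results are the same across platforms: Ubuntu 20.04 / CentOS 7
Test results are the same across deployment methods: Docker / JAR
Using nginx as a reverse proxy to the Halo program, with the auth_basic_user_file module setting the login username and password, the login prompt appears repeatedly and authentication always fails. The nginx configuration is as follows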
htpasswd -c /etc/nginx/htpasswd user1
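I confirmed many times that the login password is not wrong, and when I switch the reverse proxy on nginx to another static page, login succeeds.
Steps to reproduce
Relevant log output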
No response
Additional information
No response