我怎么能成立nginx的自动验证层？ [英] How can I set up an automatic authentication layer in nginx?

问题描述

我建立的应用程序生态系统在一个共同的领域，下一个单独的子域的每个应用程序。我已经建立了对生态系统的认证的应用，但它要求彼此申请被专门配置来使用它。是否有nginx的配置来管理用户会话，可能是转发的用户信息作为头以各种应用程序的方法吗？

I'm building an ecosystem of applications under a common domain, with each application under a separate subdomain. I have built an authentication application for the ecosystem, but it requires each other application to be specially configured to use it. Is there a way to configure nginx to manage user sessions, possibly forwarding user information as headers to the various applications?

推荐答案

让我告诉你跨应用程序认证的通用模式，你可以使用nginx：

Let me show you a common pattern for cross-application authentications you can use with Nginx:

1）建立所谓auth_service独立的服务，根据需要从Web应用程序独立工作。

1) Build standalone service called auth_service, work independently from the web applications as required

2）每个子应用程序将有一个单独的位置来代理相同的认证服务

2) Each subdomain apps will have an individual location that proxies to the same authentication service

location = /auth {
  proxy_pass http://auth_service.localhost/authenticate;
  proxy_pass_request_body off;
  proxy_set_header Content-Length "";
  proxy_set_header X-Original-URI $request_uri;
}

3）单个Web应用程序使用/ AUTH的位置通过登录/密码（基于POST数据，报头或临时令牌）

3) Individual web app uses "/auth" location to pass login/pass (based on POST data, headers or temporary tokens)

4）独立服务的处理程序/认证接受网络应用程序登录/密码，如果失败，返回200或401

4) Standalone service's handler "/authenticate" accepts web apps login/pass and returns 200 or 401 if failed

这种方法的根源是/ AUTH位置坐落在每个自己的子域基础的应用，
在服务器端调度呼叫到单鉴定终点可以有效地重复使用，并且你能避免code重复。

The root of this approach is "/auth" location sits on each own subdomain based application, the server side dispatches the call to the single authentication end point which can be re-used efficiently and you can avoid code duplication.

本模块验证申请默认情况下不建，而是带有源code。使用前刚刚Nginx的编译使用--with-http_auth_request_module选项。

This module Auth Request is not build by default, but comes with source code. Before use just compile Nginx with --with-http_auth_request_module option.

更新：由于Nginx的1.5.4这个插件自带标准分布，而不需要编译它单独

UPDATE: Since Nginx 1.5.4 this plugin comes in standard distribution without require to compile it in separately.

这篇关于我怎么能成立nginx的自动验证层？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！