HAProxy或Apache mod_proxy的OAuth令牌验证 [英] OAuth token validation from HAProxy or Apache mod_proxy
问题描述
我在内部网络内部的HAProxy负载均衡器后面的3个节点上部署了微服务.服务使用OAuth2 APIS授权服务器进行保护.现在,我想将HAProxy移至DMZ.而且我想拒绝标头中没有身份验证令牌的请求,并通过调用OAuth REST API来验证身份验证令牌.
I have a microservice deployed on 3 nodes sitting behind a HAProxy load balancer all inside internal network. The services are protected using OAuth2 APIS authorization server. Now, I want to move the HAProxy to DMZ. And I want to reject requests that do not have auth token in the header and also validate the auth token by calling OAuth REST API.
在HAProxy中,我找不到执行此操作的方法.有一个option httpchk
可用于运行状况检查.我正在寻找可用于验证每个传入请求的类似功能.
In HAProxy I couldn't find a way to do this. There is an option httpchk
which can be used for healthcheck. I'm looking for a similar feature that can be used to validate each incoming request.
任何人都可以帮助我建议如何使用HAProxy或Apache mod_proxy来实现这一点吗?
Can anyone please help suggest me on how to implement this using HAProxy or Apache mod_proxy?
推荐答案
有Apache模块mod_auth_openidc
,允许您针对授权服务器验证OAuth 2.0令牌,请参见:
There's the Apache module mod_auth_openidc
that would allow you to validate OAuth 2.0 tokens against an Authorization Server, see: https://github.com/zmartzone/mod_auth_openidc. That module can be combined with mod_proxy to achieve what you are looking for.
这篇关于HAProxy或Apache mod_proxy的OAuth令牌验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!