2

我们在反向代理后面使用https://aws.amazon.com/amazon-mq/的Web 控制台

大多数基本功能都可以正常工作,但是 Web 面板中的几乎所有活动操作(将消息发送到队列、清除队列......)最终都会出现在亚马逊内部 url ( https://b-asdfsad-fsdfasdf-asdfasdf. mq.eu-central-1.amazonaws.com),因此避开了反向代理并最终导致错误,因为出于安全原因我们阻止直接访问它。

知道如何使用可用的 AmazonMQ 配置选项告诉 Web 控制台,以防止重定向到除可访问反向代理的 URL 之外的任何内容?

使用此配置使用 Nginx Reverse 进行更新:

set $proxy_pass_url https://abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;
location / {
  proxy_pass $proxy_pass_url;
  proxy_http_version 1.1;
  proxy_set_header Authorization "Basic AUTHSTRING";
  proxy_set_header X-Forwarded-User $remote_user;
  proxy_set_header Host abc-def-xyz-1.mq.eu-central-1.amazonaws.com;
  proxy_set_header Connection "Keep-Alive";
  proxy_set_header Proxy-Connection "Keep-Alive";
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $http_host;
}
4

1 回答 1

0

主机标头已设置,但 Active MQs Dashboard Jetty Config 无论如何都需要知道主机,并且可能无法在 AWS 提供的配置中执行此操作。

[...]

    set $proxy_pass_url https://abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;

    location / {
      proxy_pass $proxy_pass_url;
      proxy_http_version 1.1;
      proxy_set_header Authorization "Basic AUTHSTRING";
      proxy_set_header X-Forwarded-User $remote_user;
      proxy_set_header Host abc-def-xyz-1.mq.eu-central-1.amazonaws.com:8162;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        X-Forwarded-Host $http_host;
    }

[...]

于 2018-07-26T12:36:10.597 回答