4

我正在尝试使用 keycloak 代理设置 auth_request,但它不起作用(Nginx 返回 500 状态代码)。

这是我的例子:

nginx.conf

upstream target_host {
    server prometheus:9090;
}

upstream oauth_host {
    server keycloak-proxy:8181;
}

server {

  listen 80;
  server_name myexample.com;


  location = /oauth2/ {
    proxy_pass       http://oauth_host/oauth2/;
    proxy_redirect              default;
    proxy_set_header   Host             $host;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Original-URI $request_uri;
    proxy_set_header   Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
      auth_request /oauth2/; 
      proxy_pass http://target_host/;
  }
}

代理.json

{
    "target-url": "http://myexample.com/",
    "target-request-timeout": "60000",
    "send-access-token": true,
    "bind-address": "0.0.0.0",
    "http-port": "8181",
    "applications": [
        {
            "base-path": "/oauth2/",
            "proxy-address-forwarding": true,
            "adapter-config": {
                "realm": "test",
                "disable-trust-manager": true,
                "resource": "account",
                "auth-server-url": "https://keycloak:8443/auth",
                "ssl-required" : "external",
                "credentials": {
                    "secret": "75ddbbd9-e98c-437e-9815-a8b66e9e58ec"
                }
            }
            ,
            "constraints": [
                {
                    "pattern": "/*",
                    "roles-allowed": [
                        "custom_role"
                    ]
                }
            ]
        }
    ]
}

Nginx 日志:

172.19.0.1 - - [03/Sep/2018:14:50:14 +0200] "GET / HTTP/1.1" 500 193 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
172.19.0.1 - - [03/Sep/2018:14:50:14 +0200] "GET / HTTP/1.1" 500 193 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
2018/09/03 14:50:14 [error] 8#8: *21 auth request unexpected status: 302 while sending to client, client: 172.19.0.1, server: myexample.com, request: "GET / HTTP/1.1", host: "myexample.com"
2018/09/03 14:50:14 [error] 8#8: *23 auth request unexpected status: 302 while sending to client, client: 172.19.0.1, server: myexample.com, request: "GET / HTTP/1.1", host: "myexample.com"

我想知道如何正确设置 auth_request。任何人都可以帮忙吗?

谢谢

4

1 回答 1

2

您对 oAuth2 服务的请求正在使用302HTTP 代码重定向,也许如果您遵循重定向它会给您您希望的响应。

location = /oauth2/ {
    # Other stuff..
    # You may need to comment out this:
    # proxy_redirect default;
    # Then, add this:
    proxy_intercept_errors on;
    error_page 302 = @handle_redirect;
}
location @handle_redirect {
    set $saved_redirect_location '$upstream_http_location';
    proxy_pass $saved_redirect_location;
}
于 2018-09-03T22:07:20.230 回答