Friday, 29 July 2022

A reverse proxy program: aproxy-by-shunfei

 a reverse proxy that includes authentication.

aproxy is a reverse proxy that includes authentication. It is designed to protect the resources that you want to expose, while only allowing access to people who have your permission.

Screenshot

Backend config:

Role List:

Authority config:

Install

Install from source

cd $GOPATH/src
git clone https://github.com/shunfei/aproxy.git
cd aproxy
sh ./install.sh

Install from tarball

Go to the releases page and download the tar file.

tar xzvf aproxy-v0.1-xxxx-xxx-xx.tar.gz
cd aproxy-v0.1-xxxx-xxx-xx
cp conf/aproxy.toml.example conf/aproxy.toml

Run

Before running, you need to set up MongoDB and Redis (MongoDB for config storage, Redis for session storage), and change the config in conf/aproxy.toml.

./bin/aproxy -c conf/aproxy.toml

At this point there are no users in the database, so add one:

./bin/adduser -c conf/aproxy.toml -action adduser -email yourname@gmail.com -pwd passwordxxx

The user added above does not have admin permission, so set it to admin:

./bin/adduser -c conf/aproxy.toml -action setadmin -email yourname@gmail.com -adminlevel 99

Now you can visit http://127.0.0.1:8098/-_-aproxy-_-/ and configure your aproxy.

Config

conf/aproxy.toml

Nginx Config Example

Assuming that all the resources requiring authorization are subdomains of pri.domain.com, the aproxy nginx server configuration should look like this:

server {
  listen 80;
  server_name pri.domain.com *.pri.domain.com;

  location / {
    proxy_redirect      off;
    proxy_set_header    Host 			$host;
    proxy_set_header    X-Real-IP 		$remote_addr;
    proxy_set_header    X-Forwarded-For	$proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto $scheme;
    # pass to aproxy
    proxy_pass http://127.0.0.1:8098;
  }

}

Then point the wildcard DNS record *.pri.domain.com at this nginx server.

Assume that we have the following domains:

  • pri.domain.com
  • hadoop.pri.domain.com
  • druid.pri.domain.com
  • aerospike.pri.domain.com

Then we can set the login domain to pri.domain.com, so that the subdomains of pri.domain.com (for example hadoop.pri.domain.com) can get the session cookies after login.
So we change conf/aproxy.toml to set the domain:

loginHost = "http://pri.domain.com"
[session]
domain = "pri.domain.com" 
from https://github.com/shunfei/aproxy 
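The effect of the `domain = "pri.domain.com"` setting above, as an added example that is not part of the aproxy code base: Go's standard cookie jar applies the same domain-matching rule as a browser, so it shows which hosts are sent a cookie scoped to pri.domain.com compared with a host-only cookie. The cookie name and value are constructed, and `receivesSession` is a hypothetical helper; note that every host under pri.domain.com receives the session cookie, not only the login host.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// receivesSession reports whether a browser-like cookie jar would send the
// login cookie to host. cookieDomain is the cookie's Domain attribute; an
// empty string models a host-only cookie (no Domain attribute at all).
func receivesSession(loginHost, cookieDomain, host string) bool {
	jar, err := cookiejar.New(nil) // nil options: no public suffix list, enough for this demo
	if err != nil {
		return false
	}
	login, err := url.Parse(loginHost)
	if err != nil {
		return false
	}
	// Constructed cookie: the name and value aproxy really uses are not on the page.
	jar.SetCookies(login, []*http.Cookie{{
		Name: "example_session", Value: "constructed",
		Domain: cookieDomain, Path: "/",
	}})
	target, err := url.Parse("http://" + host + "/")
	if err != nil {
		return false
	}
	return len(jar.Cookies(target)) > 0
}

func main() {
	const loginHost = "http://pri.domain.com" // loginHost from conf/aproxy.toml
	hosts := []string{
		"pri.domain.com", "hadoop.pri.domain.com", "druid.pri.domain.com",
		"aerospike.pri.domain.com",
		"www.domain.com",    // sibling outside the protected zone
		"notpri.domain.com", // shares a string suffix, but not a label boundary
	}
	for _, h := range hosts {
		fmt.Printf("%-26s domain=pri.domain.com: %-5v host-only: %v\n", h,
			receivesSession(loginHost, "pri.domain.com", h),
			receivesSession(loginHost, "", h))
	}
}
```

With the domain set, the login host and all three backends receive the cookie; without it, only pri.domain.com does, which is why the setting is needed for the subdomains to see the session.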
