nginx location and Django auth

青春壹個敷衍的年華 提交于 2021-01-01 07:39:24

问题


I'm trying to create a NGINX redirect based on an URL param in the querystring. Basically having:

http://localhost/redirect/?url=https://www.google.it/search?dcr=0&source=hp&q=django&oq=django

and

location /redirect/ {
    proxy_cache STATIC;
    # cache status code 200 responses for 10 minutes
    proxy_cache_valid 200 1d;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 3;
    # use the cache if there's a error on app server or it's updating from another request
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    # don't let two requests try to populate the cache at the same time
    proxy_cache_lock on;

    # Strip out query param "timestamp"
    if ($args ~ (.*)&timestamp=[^&]*(.*)) {
      set $args $1$2;
    }

    return 302 $arg_url$args;
}

Now, only Django authenticated users (JWT/Cookie) can use the /redirect?url= end point, hence is it possible to implement a session/cookie check without opening a proxy to the entire world?

Anyway I could do it at the Django level (https://github.com/mjumbewu/django-proxy/blob/master/proxy/views.py) but I suppose it's faster and less computationally expensive at the NGINX level.

Thanks,

D


回答1:


redirecting & proxying is different things, for getting django-proxy functionality you need to use nginx reverse proxy option instead of redirect.

# django-proxy code fragment
response = requests.request(request.method, url, **requests_args)
proxy_response = HttpResponse(
        response.content,
        status=response.status_code)

Nginx config for reverse proxying & auth

server {
    listen 80;
    server_name youtdomain.com;

    location / {
        # use django for authenticating request
        auth_request /django-app/;
        # a proxy to otherdomain
        proxy_pass http://otherdomain.com;
        proxy_set_header Host otherdomain.com;
    }

    location /django-app/{
        internal; # protect from public access
        proxy_pass http://django-app;
    }
}

Django app should return 200 status code for authenticated users 401 otherwise, you can read more details about auth_request here




回答2:


Based on the previous answers (thanks!) this is the solution:

http {
    upstream app_api {
    # server 172.69.0.10:8000;
    server api:8000;
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response (in case the Unicorn master nukes a
    # single worker for timing out).
    # server unix:/var/www/gmb/run/gunicorn.sock fail_timeout=0;
  }

server {

    location = /auth {
      proxy_pass http://app_api/api-auth/login/;
      proxy_pass_request_body off;
      proxy_set_header Content-Length "";
      proxy_set_header X-Original-URI $request_uri;
    }

    location /redirect/ {
      auth_request /auth;

      proxy_cache STATIC;

      # cache status code 200 responses for 10 minutes
      proxy_cache_valid 200 1d;
      proxy_cache_revalidate on;
      proxy_cache_min_uses 3;
      # use the cache if there's a error on app server or it's updating from another request
      proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
      # don't let two requests try to populate the cache at the same time
      proxy_cache_lock on;

      # Strip out query param "timestamp"
      if ($args ~ (.*)&timestamp=[^&]*(.*)) {
        set $args $1$2;
      }
      return 302 $arg_url$args;
    }


来源:https://stackoverflow.com/questions/46421589/nginx-location-and-django-auth

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!