сервис_http [2023/09/17 20:11] val [Прокси "красивого" URL в приложение (пример 3)] |
сервис_http [2023/11/07 14:11] val [Управление доступом к HTTP серверу с использованием OAuth2 аутентификации] |
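--- a/сервис_http
+++ b/сервис_http
@@ -820,20 +820,29 @@
 * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]]
 * [[Инструмент GitLab#Сервер OAuth2]] из GitLab
+* [[Сервис OAuth2#Keycloak]]
+
+* [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]]
 <code>
 gate# apt install libapache2-mod-auth-openidc
-</code><code>
-gate# cat /etc/apache2/sites-available/000-default.conf
-</code><code>
-...
-OIDCSSLValidateServer Off
-OIDCProviderMetadataURL https://server.corp13.un/.well-known/openid-configuration
-OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi
-OIDCClientID e...............................................4
-OIDCClientSecret 7.................................................4
-OIDCCryptoPassphrase anystring
-...
 </code><code>
 # cat /etc/apache2/conf-available/serve-cgi-bin.conf
 </code><code>
+...
+<IfDefine ENABLE_USR_LIB_CGI_BIN>
+
+# GitLab
+OIDCSSLValidateServer Off
+OIDCProviderMetadataURL https://server.corp13.un/.well-known/openid-configuration
+OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi
+OIDCClientID e...............................................4 #Application ID
+OIDCClientSecret 7.................................................4 #Secret
+OIDCCryptoPassphrase anystring
+
+# Keycloak
+OIDCSSLValidateServer Off
+OIDCProviderMetadataURL https://server.corp13.un:8443/realms/myrealm/.well-known/openid-configuration
+OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi
+OIDCClientID test-cgi
+OIDCCryptoPassphrase anystring
 ...
 #Require all granted
@@ -842,4 +851,6 @@
 Require valid-user
 ...
+</code><code>
+# a2enmod auth_openidc
 </code><code>
 Проверка: http://gate.corp13.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!!
@@ -925,4 +936,8 @@
 location / {
 proxy_pass http://myapp1;
+
+# proxy_set_header Host $host;
+# proxy_set_header X-Forwarded-For $remote_addr;
+
 }
 }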
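Review bot: `OIDCSSLValidateServer Off` in both added provider blocks (GitLab and Keycloak) turns off verification of the provider's TLS certificate, so gate cannot tell the real server.corp13.un from another host when it fetches metadata, keys and tokens; if it is only there because of a lab CA, the page should say so and show the production form, `OIDCSSLValidateServer On` with that CA trusted on gate. `OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi` is plain HTTP, so the authorization code and session cookie travel unencrypted, and `OIDCCryptoPassphrase anystring` should be marked as a placeholder for a long random value because it protects the module's cookies and state. Apache does not allow a comment on the same line as a directive, so `#Application ID` and `#Secret` after `OIDCClientID` and `OIDCClientSecret` will likely be parsed as extra arguments; they belong on their own lines above each directive. Both blocks sit in the same `<IfDefine ENABLE_USR_LIB_CGI_BIN>` scope and set the same directives, so a comment such as `# keep only one provider block active` would make clear they are alternatives. The Keycloak block has no `OIDCClientSecret`; presumably `test-cgi` is registered as a public client, which is worth stating next to it.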