User Tools
сервис_http
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_http [2023/11/14 14:03] val [Управление доступом к HTTP серверу с использованием OAuth2 аутентификации] |
сервис_http [2024/05/05 18:37] (current) val [HTTPS Прокси (пример 4)] |
||
|---|---|---|---|
| Line 87: | Line 87: | ||
| ==== CentOS ==== | ==== CentOS ==== | ||
| - | * Сервис Firewall [[Сервис Firewall#CentOS 7]] | + | * Сервис Firewall [[Сервис Firewall#CentOS]] |
| <code> | <code> | ||
| Line 816: | Line 816: | ||
| [[http://grolmsnet.de/kerbtut/firefox.html]] | [[http://grolmsnet.de/kerbtut/firefox.html]] | ||
| - | ==== Управление доступом к HTTP серверу с использованием OAuth2 аутентификации ==== | + | ==== Управление доступом к HTTP серверу с использованием OpenID аутентификации ==== |
| * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]] | * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]] | ||
| - | * [[Инструмент GitLab#Сервер OAuth2]] из GitLab | + | * [[Инструмент GitLab#Сервер OpenID]] из GitLab |
| - | * [[Сервис OAuth2#Keycloak]] | + | * [[Сервис Keycloak]] |
| * [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]] | * [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]] | ||
| Line 832: | Line 832: | ||
| <IfDefine ENABLE_USR_LIB_CGI_BIN> | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
| - | # GitLab | + | ## GitLab |
| OIDCSSLValidateServer Off | OIDCSSLValidateServer Off | ||
| - | OIDCProviderMetadataURL https://server.corp13.un/.well-known/openid-configuration | + | OIDCProviderMetadataURL https://server.corpX.un/.well-known/openid-configuration |
| - | OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi | + | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi |
| OIDCClientID e...............................................4 #Application ID | OIDCClientID e...............................................4 #Application ID | ||
| OIDCClientSecret 7.................................................4 #Secret | OIDCClientSecret 7.................................................4 #Secret | ||
| OIDCCryptoPassphrase anystring | OIDCCryptoPassphrase anystring | ||
| - | # Keycloak | + | ## Keycloak |
| OIDCSSLValidateServer Off | OIDCSSLValidateServer Off | ||
| - | OIDCProviderMetadataURL https://server.corp13.un:8443/realms/corpX/.well-known/openid-configuration | + | OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration |
| - | OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi | + | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi |
| - | OIDCClientID test-cgi | + | #OIDCClientID test-cgi |
| + | OIDCClientID any-client | ||
| OIDCCryptoPassphrase anystring | OIDCCryptoPassphrase anystring | ||
| ... | ... | ||
| Line 854: | Line 855: | ||
| # a2enmod auth_openidc | # a2enmod auth_openidc | ||
| </code><code> | </code><code> | ||
| - | Проверка: http://gate.corp13.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!! | + | Проверка: http://gate.corpX.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!! |
| </code> | </code> | ||
| Line 891: | Line 892: | ||
| * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]] | * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]] | ||
| + | * [[https://blog.sefdar.ru/nginx-%D0%BF%D0%B5%D1%80%D0%B5%D0%BD%D0%B0%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F-proxy_redirect-%D0%B8-redirect/|NGINX перенаправления proxy_redirect и redirect]] | ||
| <code> | <code> | ||
| Line 906: | Line 908: | ||
| } | } | ||
| } | } | ||
| - | </code><code> | + | </code> |
| + | === Подключение, тестирование, применение и мониторинг конфигурации === | ||
| + | <code> | ||
| # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | ||
| # service nginx configtest | # service nginx configtest | ||
| - | |||
| # tail /var/log/nginx/error.log | # tail /var/log/nginx/error.log | ||
| или | или | ||
| - | # nginx -t -c /etc/nginx/nginx.conf | + | # nginx -t #-c /etc/nginx/nginx.conf |
| + | или | ||
| + | # nginx -T | ||
| # service nginx restart | # service nginx restart | ||
| + | |||
| + | # tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log | ||
| </code><code> | </code><code> | ||
| gate.isp.un$ wget -O - -q http://server.corpX.un | gate.isp.un$ wget -O - -q http://server.corpX.un | ||
| Line 936: | Line 943: | ||
| location / { | location / { | ||
| proxy_pass http://myapp1; | proxy_pass http://myapp1; | ||
| - | |||
| - | # proxy_set_header Host $host; | ||
| - | # proxy_set_header X-Forwarded-For $remote_addr; | ||
| - | |||
| } | } | ||
| } | } | ||
| - | </code><code> | ||
| - | # ln -s /etc/nginx/sites-available/myapp1 /etc/nginx/sites-enabled/myapp1 | ||
| </code> | </code> | ||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| ==== Прокси "красивого" URL в приложение (пример 3) ==== | ==== Прокси "красивого" URL в приложение (пример 3) ==== | ||
| Line 970: | Line 973: | ||
| listen 80; | listen 80; | ||
| server_name mail.corpX.un; | server_name mail.corpX.un; | ||
| - | + | return 301 http://server.corpX.un:81/mail; | |
| - | location / { | + | # return 301 http://gate.corpX.un:81/mail; |
| - | proxy_pass http://server.corpX.un:81/mail/; | + | |
| - | # proxy_pass http://gate.corpX.un:81/mail/; | + | |
| - | } | + | |
| } | } | ||
| server { | server { | ||
| Line 1010: | Line 1010: | ||
| root@server# gitlab-ctl restart nginx | root@server# gitlab-ctl restart nginx | ||
| </code> | </code> | ||
| + | |||
| + | ==== HTTPS Прокси (пример 4) ==== | ||
| + | |||
| + | <code> | ||
| + | gate1.corp13.un:~# cat /etc/nginx/sites-available/gowebd | ||
| + | </code><code> | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name gowebd.corp13.un; | ||
| + | return 301 https://gowebd.corp13.un$request_uri; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 443 ssl; | ||
| + | server_name gowebd.corp13.un; | ||
| + | ssl_certificate /root/gowebd.crt; | ||
| + | ssl_certificate_key /root/gowebd.key; | ||
| + | |||
| + | location / { | ||
| + | proxy_pass http://192.168.13.64; | ||
| + | |||
| + | # proxy_set_header Host $host; | ||
| + | # proxy_set_header X-Forwarded-For $remote_addr; | ||
| + | |||
| + | # proxy_set_header X-Forwarded-Proto $scheme; | ||
| + | # proxy_set_header X-Forwarded-Port $server_port; | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| + | |||
| + | ===== Нагрузочное тестирование ===== | ||
| + | |||
| + | * [[Сервис INETD]] | ||
| + | |||
| + | * [[https://github.com/wg/wrk|wrk - a HTTP benchmarking tool]] | ||
| + | |||
| + | * [[https://lindevs.com/install-vegeta-on-ubuntu|Install Vegeta on Ubuntu 20.04]] | ||
| + | * [[https://github.com/tsenart/vegeta/releases|github/tsenart/vegeta/releases]] | ||
| + | * [[https://val.bmstu.ru/unix/WWW/vegeta_12.11.0_linux_amd64.tar.gz]] | ||
| + | |||
| + | <code> | ||
| + | external-host# curl http://192.168.13.10:8000 | ||
| + | |||
| + | external-host# echo "GET http://192.168.13.10:8000" | vegeta attack -duration=20s -rate=100 | vegeta report | ||
| + | |||
| + | server# tail -f /var/log/syslog | ||
| + | </code> | ||
| + | |||
сервис_http.1699959817.txt.gz · Last modified: 2023/11/14 14:03 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
