Grafana behind NGINX reverse proxy and auth_request
I have Grafana running on port 2000 and a Rails application (Puma development server) running on port 3000, with the following Nginx configuration:
```nginx
server {
    listen 80;
    server_name *.localhost.test;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
    }

    location /grafana {
        auth_request /authenticate_grafana;
        auth_request_set $user $upstream_http_x_webauth_user;
        proxy_set_header x-webauth-user $user;
        proxy_pass http://localhost:2000;
        proxy_set_header Host $host;
    }
}
```
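This works quite nicely: the Rails application returns a 200 from /authenticate_grafana if the cookies pass muster. Unfortunately it only seems to work for GET requests?

[![Screenshot of POST request][1]][1]

POST requests take exactly 30 seconds (i.e. some kind of timeout) and NGINX returns a 500.

Sometimes the NGINX error log shows: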
```
2021/08/18 17:46:51 [error] 94438#94438: *781 auth request unexpected status: 408 while sending to client, client: 192.168.3.1, server: *.localhost.test, request: "POST /grafana/api/frontend-metrics HTTP/1.1", host: "test-org.localhost.test", referrer: "http://test-org.localhost.test/grafana/?orgId=1"
```
And sometimes it logs:
```
2021/08/18 17:49:47 [error] 94438#94438: *862 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.3.1, server: *.localhost.test, request: "POST /grafana/api/frontend-metrics HTTP/1.1", subrequest: "/authenticate_grafana", upstream: "http://[::1]:3000/authenticate_grafana", host: "test-org.localhost.test", referrer: "http://test-org.localhost.test/grafana/?orgId=1"
2021/08/18 17:49:47 [debug] 94438#94438: *862 http next upstream, 2
2021/08/18 17:49:47 [debug] 94438#94438: *862 free rr peer 2 4
2021/08/18 17:49:47 [warn] 94438#94438: *862 upstream server temporarily disabled while connecting to upstream, client: 192.168.3.1, server: *.localhost.test, request: "POST /grafana/api/frontend-metrics HTTP/1.1", subrequest: "/authenticate_grafana", upstream: "http://[::1]:3000/authenticate_grafana", host: "test-org.localhost.test", referrer: "http://test-org.localhost.test/grafana/?orgId=1"
```
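Sometimes none of these seem to get logged.

Can anyone suggest the best way to debug this? It is strange that GET is fine but POST is not; could this be a Referrer policy/cookies thing?

Thanks all!

Edit:

Diffing the GET and POST headers shows that the POST request contains an Origin header while the GET does not; could this be the issue?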
[1]: https://i.stack.imgur.com/Nn0Us.png
Sorted!

I needed to modify my config to:
```nginx
server {
    listen 80;
    server_name *.localhost.test;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
    }

    # Target of the auth subrequest: the Rails app decides from the cookies.
    location = /authenticate_grafana {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        # The subrequest carries no body, so drop the body and its Content-Length.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    location /grafana {
        auth_request /authenticate_grafana;
        # Copy X-WebAuth-User from the auth response and pass it on to Grafana.
        auth_request_set $user $upstream_http_x_webauth_user;
        proxy_set_header x-webauth-user $user;
        proxy_pass http://127.0.0.1:2000;
        proxy_set_header Host $host;
    }
}
```
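
Why the POST hung, as an added example that is not part of the original post: the auth subrequest is sent without the request body, but unless `Content-Length` is cleared the backend is still told to expect one. The Ruby model below is a hypothetical stand-in for the backend (the `session=ok` cookie check, the 0.3-second timeout in place of the 30 seconds, the request line and all header values are constructed); `auth_request` accepts only 2xx, 401 or 403, so the resulting 408 reaches the client as a 500.

```ruby
require "socket"

# What nginx forwards for the auth subrequest: the client's headers, never the body.
# fixed: true models `proxy_set_header Content-Length "";` (header not sent).
def subrequest_bytes(client_headers, fixed:)
  headers = client_headers.dup
  headers.delete("Content-Length") if fixed
  # Request line is constructed for this demo.
  lines = ["GET /authenticate_grafana HTTP/1.0"]
  lines += headers.map { |name, value| "#{name}: #{value}" }
  lines.join("\r\n") + "\r\n\r\n"
end

# Hypothetical stand-in for the backend (not Puma or Rails code): read the
# header block, wait for Content-Length bytes of body, then check the cookie.
def handle_auth_subrequest(sock, body_timeout: 0.3)
  head = +""
  head << sock.readpartial(4096) until head.include?("\r\n\r\n")
  header_block, body = head.split("\r\n\r\n", 2)
  declared = header_block[/^content-length:[ \t]*(\d+)/i, 1].to_i
  while body.bytesize < declared
    # No more bytes within the timeout: the declared body never arrived.
    return 408 unless IO.select([sock], nil, nil, body_timeout)
    body << sock.readpartial(4096)
  end
  header_block.match?(/^cookie:.*\bsession=ok\b/i) ? 200 : 401
end

# Sends one subrequest over a local socket pair and returns the backend's status.
def simulate(fixed:, cookie: "session=ok")
  nginx_side, backend_side = UNIXSocket.pair
  # Constructed sample headers for a browser POST under /grafana.
  client = { "Host" => "test-org.localhost.test", "Cookie" => cookie,
             "Content-Type" => "application/json", "Content-Length" => "128" }
  nginx_side.write(subrequest_bytes(client, fixed: fixed))
  handle_auth_subrequest(backend_side)
ensure
  [nginx_side, backend_side].each { |s| s&.close }
end

if __FILE__ == $PROGRAM_NAME
  puts "original config: #{simulate(fixed: false)}"
  puts "fixed config:    #{simulate(fixed: true)}"
end
```

The answer's other change, `localhost` to `127.0.0.1`, targets the separate `connect() failed ... [::1]:3000` entries: it keeps nginx from trying the IPv6 loopback address that the log shows being refused.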