This is my configuration. I keep getting this error: " Error while initializing LDAP connection: (0, 'Error') "
Similar LDAP filter works perfectly with other model:
I tried lots of possibilities, but none of them seem to work. I would really appreciate a help here.
https://github.com/kvspb/nginx-auth-ldap
I use this guide : https://github.com/nginxinc/nginx-ldap-auth
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.20.69:8080/main/;
auth_request /auth-proxy;
}
location = /auth-proxy {
internal;
proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off;
#proxy_set_header Content-Length "";
#proxy_cache auth_cache;
#proxy_cache_valid 200 10m;
#proxy_set_header X-CookieName "nginxauth";
#proxy_set_header Cookie nginxauth=$cookie_nginxauth;
proxy_set_header X-Ldap-URL "ldaps://ldap.jumpcloud.com:636/ou=Users,o=companyid,dc=jumpcloud,dc=com?uid?sub?(objectClass=posixAccount)";
proxy_set_header X-Ldap-BaseDN "ou=Users,o=companyid,dc=jumpcloud,dc=com";
proxy_set_header X-Ldap-BindDN "uid=user-bind,ou=Users,o=companyid,dc=jumpcloud,dc=com";
proxy_set_header X-Ldap-BindPass "password";
proxy_set_header X-Ldap-Realm Restricted;
Related
I successfully added the auth_basic directive to my server block with the following config:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=proxy_cache_path_global:10m loader_threshold=300 loader_files=200 max_size=2g inactive=60m use_temp_path=off;
upstream backend {
server localhost:8080;
keepalive 128;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com www.example.com app.example.com;
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass http://backend;
proxy_cache_methods GET HEAD;
proxy_cache proxy_cache_path_global;
proxy_cache_key $host$request_uri$cookie_user$slice_range;
proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment;
proxy_cache_min_uses 3;
proxy_cache_valid any 1m;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_lock_age 10s;
proxy_cache_lock_timeout 3s;
proxy_redirect off;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_connect_timeout 300;
slice 1m;
add_header X-Cache-Status $upstream_cache_status;
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header Range $slice_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
When i visit my website, 2 login prompts appear after each other; one for example.com, and another one for app.example.com.
How do i configure this, so that i only have to type in my credentials once?
I already tried looking for a solution by myself unsuccessfully. Any hints would be appreciated.
I have worked on an application using node.js and express for the backend and reactjs for the frontend.
On the nodejs backend, set up socket.io as such
const port = process.env.PORT || 8000
const server = app.listen(port, () =>
console.log(`Server running on port ${port}`)
)
const io = require('socket.io')(server, {
cors: {
origin: '*',
},
})
Then on the react frontend, I sent up the socket.io for client as:
if (!socket.current) {
socket.current = io(process.env.REACT_APP_API2)
}
Where my REACT_APP_API2='http://localhost:8000' while my api is connected on REACT_APP_API='http://localhost:8000/api'
Locally, this works very well and my websocket connects and works well.
But in production, i get the error wss://+ myDomain + .com:3000/ws connection failed:
This is how I set up my NGINX Server
I first set up this '/' to point to the root (React APP)
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
NEXT, I Set up /api to point to the backend api
location /api {
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
Finally, I set this /socket.io for my sockets.
location /socket.io {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy false;
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
This is how i set up my enviromment variables in my frontend
REACT_APP_API = '/api'
REACT_APP_API2 = '/'
What I have tried:
I have changed the REACT_APP_API2 to '/api'
I have changed the proxy_pass http://localhost:8000; to 3000
NB: my application on nginx is secure ie 'https'
I followed the tutorial below except "Configuring nginx".
https://docs.nodebb.org/installing/os/debian/#configuring-nginx
my nodebb/config.json is like below.
{
"url": "https://MYDOMAIN",
"secret": "DEFAULT SECRET",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "MYPASSWORD",
"database": "nodebb",
"uri": ""
},
"port": "4568"}
I set port 4568 because some other process is on 4567.
There was no error in setup, but I can't access https://MYDOMAIN:4568.
I command "./nodebb log", it says "info: NodeBB is now listening on: 0.0.0.0:4568" and never progress.
Any help is appreciated.
Open the port 4568.
And do like this
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
My app architecture is here.
front-server 3000 - domain.com, serve files to browser
api-server 3001 - api.domain.com
socket-server 3003 - io.domain.com
In dev mode, socket request have all http request cookies,
But in production mode with nginx (down to conf),
socket cookie just have a cookie io
In dev
In prod
This is nginx conf(part of socket server).
server {
server_name io.domain.com;
location / {
include proxy_params;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3003;
}
location /socket.io/ {
include proxy_params;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3003;
}
}
Here is socket client
const io = require('socket.io-client');
let socket;
if (process.env.NODE_ENV === 'production') {
socket = io.connect('http://io.domain.com/noti');
} else {
socket = io.connect('http://localhost:3003/noti');
}
module.exports = socket;
In development env, it works well but in production mode because of the problem, I can't retrieve user values.
I need to use cookie value sessionId, token to auth, but two cookie values are disappeared.
What's wrong with it?
Most of all, Set cookie with domain.
For example in node js,
res.setCookie({...
domain: 'domain.com'
});
And in nginx conf,
proxy_cookie_domain io.domain.com domain.com
first time i'm trying to setup nginx.
I have following problem i would like to solve.
I have two versions of backend v1 and v2.
User is routed to "/v2" (proxy_pass '127.0.0.1:3000;')
Traffic tru "/" (javascript + sockets) has be routed to the same server '127.0.0.1:3000;' by looking at the cookie.
Heres my problem the cookie doesn't exists and therefore 404 will be returned
Any suggestion?
map $cookie_version $site_version {
default "";
"v1" "version=v1;Domain=localhost;Path=/";
"v2" "version=v2;Domain=localhost;Path=/";
}
server {
listen 8081;
server_name localhost;
location / {
if ($cookie_version ~* "v1") {
proxy_pass http://127.0.0.1:8080;
}
if ($cookie_version ~* "v2") {
proxy_pass http://127.0.0.1:3000;
}
}
location /v1 {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
set $cookie_version "v1";
add_header Set-Cookie $site_version;
rewrite ^/v1(.*) /$1 break;
proxy_pass http://127.0.0.1:8080;
}
location /v2 {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
set $cookie_version "v2";
add_header Set-Cookie $site_version;
rewrite ^/v2(.*) /$1 break;
proxy_pass http://127.0.0.1:3000;
}
}
First of all, read why if is evil http://wiki.nginx.org/IfIsEvil. Use map instead.
My suggestion:
map $cookie_version $mybackend {
default "127.0.0.1:3000";
"v1" "127.0.0.1:8080";
"v2" "127.0.0.1:3000";
}
...
location / {
proxy_pass http://$mybackend;
}
...
location ~ ^/(?<cver>v[12])/ {
...
add_header Set-Cookie "version=$cver;Domain=localhost;Path=/";
rewrite ^/v[12]/(.*)$ /$1 redirect;
}