2017-09-26 108 views
0

NGINX location and Django auth

I'm trying to create an NGINX redirect based on a URL param in the query string. Basically having:

http://localhost/redirect/?url=https://www.google.it/search?dcr=0&source=hp&q=django&oq=django 

location /redirect/ {
    proxy_cache STATIC;
    # cache status code 200 responses for 1 day
    proxy_cache_valid 200 1d;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 3;
    # use the cache if there's an error on the app server or it's updating from another request
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    # don't let two requests try to populate the cache at the same time
    proxy_cache_lock on;

    # Strip out query param "timestamp"
    if ($args ~ (.*)&timestamp=[^&]*(.*)) {
        set $args $1$2;
    }

    return 302 $arg_url$args;
}

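Now, only Django-authenticated users (JWT/cookie) may use the /redirect?url= endpoint, so is it possible to implement a session/cookie check without opening a proxy to the whole world?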

Anyway, I could do this at the Django level (https://github.com/mjumbewu/django-proxy/blob/master/proxy/views.py), but I think it runs faster and is computationally cheaper at the NGINX level.

Thanks,

D

+1

Your query is a bit unclear, so you want `/redirect` to be available only to authenticated users? –

+0

Yes, I'll modify it. – Daviddd

+2

I think you can use `auth_request` to do this. See https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request and https://www.nginx.com/resources/admin-guide/restricting-access-auth-request/ –

Answers

0

Redirect & proxy are different things; to get the django-proxy functionality you need to use nginx's reverse proxy option instead of a redirect.

# django-proxy code fragment
response = requests.request(request.method, url, **requests_args)
proxy_response = HttpResponse(
    response.content,
    status=response.status_code)

Nginx config for reverse proxy & auth

server {
    listen 80;
    server_name yourdomain.com;

    location / {
        # use django for authenticating request
        auth_request /django-app/;
        # a proxy to otherdomain
        proxy_pass http://otherdomain.com;
        proxy_set_header Host otherdomain.com;
    }

    location /django-app/ {
        internal; # protect from public access
        proxy_pass http://django-app;
        # the auth subrequest is sent without the original request body
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }
}

The Django app should return a 200 status code for authenticated users and 401 otherwise; you can read more details about auth_request here

+0

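Basically, from the website only authenticated users using Django Rest Framework (DRF) should use the NGINX location /redirect/?url=<various URLs from the DB>, but without using an NGINX reverse proxy, otherwise I could create a DRF endpoint. The answer is "auth_request" – Daviddd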

+0

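Note that the `django-proxy` you mentioned does not perform a redirect; instead it downloads the content and passes it to the client, like an nginx reverse proxy –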
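An added example (not from the original posts or from django-proxy): a standard-library WSGI stand-in for the Django view behind `auth_request`, showing the 200/401 contract described in the answer above and how nginx turns each subrequest status into an access decision. The signed `session` cookie format, `SECRET_KEY` and all function names are assumptions made for the illustration; in Django the session or JWT check would take the place of `session_user`.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # assumption: demo signing key, not a real secret

def sign(user):
    """Issue a constructed 'user.hexmac' session value (stand-in for a Django session/JWT)."""
    mac = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def session_user(cookie_header):
    """Return the user from a validly signed 'session' cookie, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    if "session" not in jar:
        return None
    user, _, mac = jar["session"].value.rpartition(".")
    expected = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if user and ok else None

def auth_app(environ, start_response):
    """WSGI endpoint for the auth_request subrequest: status only, empty body."""
    user = session_user(environ.get("HTTP_COOKIE"))
    status = "200 OK" if user else "401 Unauthorized"
    start_response(status, [("Content-Length", "0")])
    return [b""]

def nginx_outcome(status_code):
    """How ngx_http_auth_request_module treats the subrequest's status code."""
    if 200 <= status_code < 300:
        return "allow"  # the original request continues, e.g. to `return 302 ...`
    if status_code in (401, 403):
        return "deny"   # that status is returned to the client
    return "error"      # any other code is considered an error

def check(cookie_header):
    """Run the endpoint as nginx would and report the resulting access decision."""
    seen = []
    auth_app({"HTTP_COOKIE": cookie_header}, lambda s, h: seen.append(int(s[:3])))
    return nginx_outcome(seen[0])
```

An endpoint that answers 200 to anonymous requests, such as a login form, maps to `allow` for everyone, so the location behind `auth_request` has to return 401 or 403 when no valid session is present.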

0

Thanks to the answers (thanks!), this is the solution:

http {
    upstream app_api {
        # server 172.69.0.10:8000;
        server api:8000;
        # fail_timeout=0 means we always retry an upstream even if it failed
        # to return a good HTTP response (in case the Unicorn master nukes a
        # single worker for timing out).
        # server unix:/var/www/gmb/run/gunicorn.sock fail_timeout=0;
    }

    server {

        location = /auth {
            proxy_pass http://app_api/api-auth/login/;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }

        location /redirect/ {
            auth_request /auth;

            proxy_cache STATIC;

            # cache status code 200 responses for 1 day
            proxy_cache_valid 200 1d;
            proxy_cache_revalidate on;
            proxy_cache_min_uses 3;
            # use the cache if there's an error on the app server or it's updating from another request
            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
            # don't let two requests try to populate the cache at the same time
            proxy_cache_lock on;

            # Strip out query param "timestamp"
            if ($args ~ (.*)&timestamp=[^&]*(.*)) {
                set $args $1$2;
            }
            return 302 $arg_url$args;
        }
    }
}