“Nginx用户密码认证配置 Basic HTTP authentication”的版本间的差异

来自linux中国网wiki
跳到导航 跳到搜索
 
(未显示同一用户的1个中间版本)
第1行: 第1行:
 +
[[category:ops]] [[category:]] 
 
=Prometheus通过Nginx加密登陆=
 
=Prometheus通过Nginx加密登陆=
  
第38行: 第39行:
 
     listen 80;
 
     listen 80;
 
     server_name pro.linuxsa.org;
 
     server_name pro.linuxsa.org;
#    access_log  /var/log/nginx/test-nuxt-bcb-blockchain-website.lliao.net.log;
+
#    access_log  /var/log/nginx/teo.net.log;
    #error_log /var/log/nginx/test-nux-bcb.evan.error.log;
 
  
  
第46行: 第46行:
 
     location / {
 
     location / {
 
         auth_basic "Prometheus";
 
         auth_basic "Prometheus";
         auth_basic_user_file "/usr/local/openresty/nginx/conf/hosts/.htpasswd";
+
         auth_basic_user_file "/usr/local/openresty/.htpasswd";
 
       proxy_pass http://10.30.10.124:9090;
 
       proxy_pass http://10.30.10.124:9090;
 
       proxy_http_version 1.1;
 
       proxy_http_version 1.1;
第65行: 第65行:
 
           proxy_send_timeout 1800s;
 
           proxy_send_timeout 1800s;
 
           proxy_read_timeout 1800s;
 
           proxy_read_timeout 1800s;
 
 
  
 
       real_ip_recursive on;
 
       real_ip_recursive on;
第87行: 第85行:
 
}
 
}
 
</pre>
 
</pre>
 +
 
=prome conf=
 
=prome conf=
 
<pre>
 
<pre>
第105行: 第104行:
 
[http://www.songjiayang.com/posts/prometheus-shu-ju-an-quan-zhi-basic-ren-zheng Prometheus 数据安全之 Basic 认证]
 
[http://www.songjiayang.com/posts/prometheus-shu-ju-an-quan-zhi-basic-ren-zheng Prometheus 数据安全之 Basic 认证]
  
 +
[https://blog.whsir.com/post-4241.html Prometheus通过Nginx加密登陆(二)]
  
 
[https://www.jianshu.com/p/edd9c17d8c8b 为 Prometheus 添加 HTTP Basic Auth]
 
[https://www.jianshu.com/p/edd9c17d8c8b 为 Prometheus 添加 HTTP Basic Auth]

2020年4月22日 (三) 10:20的最新版本

[[category:]]  

Prometheus通过Nginx加密登陆

#安装apache-htpasswd工具
yum -y install httpd-tools
apt -y install apache2-utils

#使用 htpasswd 生成认证密钥对 
 htpasswd -c  .htpasswd admin
New password:
Re-type new password:
Adding password for user admin
  cat .htpasswd

ng配置

eg

http {
  server {
    listen 80;
    server_name pro.linuxsa.org;
    location / {
      proxy_pass http://localhost:9090/;

      auth_basic "Prometheus";
      auth_basic_user_file ".htpasswd";
    }
  }



 cat pro.conf 
server
{
    listen 80;
    server_name pro.linuxsa.org;
#    access_log  /var/log/nginx/teo.net.log;


    client_max_body_size 10m;
  
    location / {
        auth_basic "Prometheus";
        auth_basic_user_file "/usr/local/openresty/.htpasswd";
      proxy_pass http://10.30.10.124:9090;
      proxy_http_version 1.1;

#set_real_ip_from 10.0.0.0/8;
#set_real_ip_from 172.16.0.0/12;
#set_real_ip_from 192.168.0.0/16;
#real_ip_header X-Forwarded-For;

        proxy_set_header        Host                 $host;
        proxy_set_header        X-Real-IP            $remote_addr;
        proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header        X-Remote-Port        $remote_port;
        proxy_set_header        X-Forwarded-Proto    $scheme;
        proxy_redirect          off;

          proxy_connect_timeout 1800s;
          proxy_send_timeout 1800s;
          proxy_read_timeout 1800s;

      real_ip_recursive on;
#      real_ip_header X-Forwarded-For;
#      set_real_ip_from 0.0.0.0/0;
#      proxy_set_header Host             $host;
#      proxy_set_header X-Real-IP $remote_addr;
#      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


#proxy_set_header Host             $host:$server_port;
#proxy_set_header    HTTP_X_FORWARDED_FOR $remote_addr;
#proxy_set_header X-NginX-Proxy true;

#      proxy_set_header X-Real-IP        $remote_addr;
 #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#      proxy_set_header Upgrade $http_upgrade;
#      proxy_set_header Connection "upgrade";
    }
}

prome conf

我好像没用这个吧
最后一步是修改 prometheus.yml 文件,将我们的 Node Exporter 服务添加进去:

  - job_name: 'node-exporter'
    static_configs:
      - targets: ['your-ip:19090']
    basic_auth:
      username: yuankun
      password: your-password

重启 Prometheus 服务,就大功告成了。

see also

Prometheus 数据安全之 Basic 认证

Prometheus通过Nginx加密登陆(二)

为 Prometheus 添加 HTTP Basic Auth


nginx用户认证配置( Basic HTTP authentication)