Nginx用户密码认证配置 Basic HTTP authentication

来自linux中国网wiki
Evan讨论 | 贡献2020年4月22日 (三) 10:19的版本 →‎see also
跳到导航 跳到搜索

Prometheus通过Nginx加密登陆

#安装apache-htpasswd工具
yum -y install httpd-tools
apt -y install apache2-utils

#使用 htpasswd 生成认证密钥对 
 htpasswd -c  .htpasswd admin
New password:
Re-type new password:
Adding password for user admin
  cat .htpasswd

ng配置

eg

http {
  server {
    listen 80;
    server_name pro.linuxsa.org;
    location / {
      proxy_pass http://localhost:9090/;

      auth_basic "Prometheus";
      auth_basic_user_file ".htpasswd";
    }
  }



 cat pro.conf 
server
{
    listen 80;
    server_name pro.linuxsa.org;
#    access_log  /var/log/nginx/test-nuxt-bcb-blockchain-website.lliao.net.log;
    #error_log /var/log/nginx/test-nux-bcb.evan.error.log;


    client_max_body_size 10m;
  
    location / {
        auth_basic "Prometheus";
        auth_basic_user_file "/usr/local/openresty/nginx/conf/hosts/.htpasswd";
      proxy_pass http://10.30.10.124:9090;
      proxy_http_version 1.1;

#set_real_ip_from 10.0.0.0/8;
#set_real_ip_from 172.16.0.0/12;
#set_real_ip_from 192.168.0.0/16;
#real_ip_header X-Forwarded-For;

        proxy_set_header        Host                 $host;
        proxy_set_header        X-Real-IP            $remote_addr;
        proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header        X-Remote-Port        $remote_port;
        proxy_set_header        X-Forwarded-Proto    $scheme;
        proxy_redirect          off;

          proxy_connect_timeout 1800s;
          proxy_send_timeout 1800s;
          proxy_read_timeout 1800s;



      real_ip_recursive on;
#      real_ip_header X-Forwarded-For;
#      set_real_ip_from 0.0.0.0/0;
#      proxy_set_header Host             $host;
#      proxy_set_header X-Real-IP $remote_addr;
#      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


#proxy_set_header Host             $host:$server_port;
#proxy_set_header    HTTP_X_FORWARDED_FOR $remote_addr;
#proxy_set_header X-NginX-Proxy true;

#      proxy_set_header X-Real-IP        $remote_addr;
 #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#      proxy_set_header Upgrade $http_upgrade;
#      proxy_set_header Connection "upgrade";
    }
}

prome conf

我好像没用这个吧
最后一步是修改 prometheus.yml 文件,将我们的 Node Exporter 服务添加进去:

  - job_name: 'node-exporter'
    static_configs:
      - targets: ['your-ip:19090']
    basic_auth:
      username: yuankun
      password: your-password

重启 Prometheus 服务,就大功告成了。

see also

Prometheus 数据安全之 Basic 认证

Prometheus通过Nginx加密登陆(二)

为 Prometheus 添加 HTTP Basic Auth


nginx用户认证配置( Basic HTTP authentication)