“Nginx用户密码认证配置 Basic HTTP authentication”的版本间的差异

来自linux中国网wiki
跳到导航 跳到搜索
(创建页面,内容为“=Prometheus通过Nginx加密登陆= ==ng配置== <pre> cat gf.conf server { listen 80; server_name gf.linuxsa.org; # access_log /var/log/nginx/test-nux…”)
 
 
(未显示同一用户的6个中间版本)
第1行: 第1行:
 +
[[category:ops]] [[category:]] 
 
=Prometheus通过Nginx加密登陆=
 
=Prometheus通过Nginx加密登陆=
  
 +
 +
== ==
 +
<pre>
 +
#安装apache-htpasswd工具
 +
yum -y install httpd-tools
 +
apt -y install apache2-utils
 +
 +
#使用 htpasswd 生成认证密钥对
 +
htpasswd -c  .htpasswd admin
 +
New password:
 +
Re-type new password:
 +
Adding password for user admin
 +
  cat .htpasswd
 +
</pre>
 
==ng配置==
 
==ng配置==
 
<pre>
 
<pre>
cat gf.conf  
+
eg
 +
 
 +
http {
 +
  server {
 +
    listen 80;
 +
    server_name pro.linuxsa.org;
 +
    location / {
 +
      proxy_pass http://localhost:9090/;
 +
 
 +
      auth_basic "Prometheus";
 +
      auth_basic_user_file ".htpasswd";
 +
    }
 +
  }
 +
 
 +
 
 +
 
 +
cat pro.conf  
 
server
 
server
 
{
 
{
 
     listen 80;
 
     listen 80;
     server_name gf.linuxsa.org;
+
     server_name pro.linuxsa.org;
#    access_log  /var/log/nginx/test-nuxt-bcb-blockchain-website.lliao.net.log;
+
#    access_log  /var/log/nginx/teo.net.log;
    #error_log /var/log/nginx/test-nux-bcb.evan.error.log;
 
  
  
第15行: 第45行:
 
    
 
    
 
     location / {
 
     location / {
       proxy_pass http://10.39.10.14:3000;
+
        auth_basic "Prometheus";
 +
        auth_basic_user_file "/usr/local/openresty/.htpasswd";
 +
       proxy_pass http://10.30.10.124:9090;
 
       proxy_http_version 1.1;
 
       proxy_http_version 1.1;
  
第33行: 第65行:
 
           proxy_send_timeout 1800s;
 
           proxy_send_timeout 1800s;
 
           proxy_read_timeout 1800s;
 
           proxy_read_timeout 1800s;
 
 
  
 
       real_ip_recursive on;
 
       real_ip_recursive on;
第54行: 第84行:
 
     }
 
     }
 
}
 
}
 +
</pre>
 +
 +
=prome conf=
 +
<pre>
 +
我好像没用这个吧
 +
最后一步是修改 prometheus.yml 文件,将我们的 Node Exporter 服务添加进去:
 +
 +
  - job_name: 'node-exporter'
 +
    static_configs:
 +
      - targets: ['your-ip:19090']
 +
    basic_auth:
 +
      username: yuankun
 +
      password: your-password
  
 +
重启 Prometheus 服务,就大功告成了。
 
</pre>
 
</pre>
 +
 +
=see also=
 +
[http://www.songjiayang.com/posts/prometheus-shu-ju-an-quan-zhi-basic-ren-zheng Prometheus 数据安全之 Basic 认证]
 +
 +
[https://blog.whsir.com/post-4241.html Prometheus通过Nginx加密登陆(二)]
 +
 +
[https://www.jianshu.com/p/edd9c17d8c8b 为 Prometheus 添加 HTTP Basic Auth]
 +
 +
 +
 +
[https://blog.csdn.net/jc0803kevin/article/details/80005983  nginx用户认证配置( Basic HTTP authentication)]

2020年4月22日 (三) 10:20的最新版本

[[category:]]  

Prometheus通过Nginx加密登陆

#安装apache-htpasswd工具
yum -y install httpd-tools
apt -y install apache2-utils

#使用 htpasswd 生成认证密钥对 
 htpasswd -c  .htpasswd admin
New password:
Re-type new password:
Adding password for user admin
  cat .htpasswd

ng配置

eg

http {
  server {
    listen 80;
    server_name pro.linuxsa.org;
    location / {
      proxy_pass http://localhost:9090/;

      auth_basic "Prometheus";
      auth_basic_user_file ".htpasswd";
    }
  }



 cat pro.conf 
server
{
    listen 80;
    server_name pro.linuxsa.org;
#    access_log  /var/log/nginx/teo.net.log;


    client_max_body_size 10m;
  
    location / {
        auth_basic "Prometheus";
        auth_basic_user_file "/usr/local/openresty/.htpasswd";
      proxy_pass http://10.30.10.124:9090;
      proxy_http_version 1.1;

#set_real_ip_from 10.0.0.0/8;
#set_real_ip_from 172.16.0.0/12;
#set_real_ip_from 192.168.0.0/16;
#real_ip_header X-Forwarded-For;

        proxy_set_header        Host                 $host;
        proxy_set_header        X-Real-IP            $remote_addr;
        proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header        X-Remote-Port        $remote_port;
        proxy_set_header        X-Forwarded-Proto    $scheme;
        proxy_redirect          off;

          proxy_connect_timeout 1800s;
          proxy_send_timeout 1800s;
          proxy_read_timeout 1800s;

      real_ip_recursive on;
#      real_ip_header X-Forwarded-For;
#      set_real_ip_from 0.0.0.0/0;
#      proxy_set_header Host             $host;
#      proxy_set_header X-Real-IP $remote_addr;
#      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


#proxy_set_header Host             $host:$server_port;
#proxy_set_header    HTTP_X_FORWARDED_FOR $remote_addr;
#proxy_set_header X-NginX-Proxy true;

#      proxy_set_header X-Real-IP        $remote_addr;
 #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#      proxy_set_header Upgrade $http_upgrade;
#      proxy_set_header Connection "upgrade";
    }
}

prome conf

我好像没用这个吧
最后一步是修改 prometheus.yml 文件,将我们的 Node Exporter 服务添加进去:

  - job_name: 'node-exporter'
    static_configs:
      - targets: ['your-ip:19090']
    basic_auth:
      username: yuankun
      password: your-password

重启 Prometheus 服务,就大功告成了。

see also

Prometheus 数据安全之 Basic 认证

Prometheus通过Nginx加密登陆(二)

为 Prometheus 添加 HTTP Basic Auth


nginx用户认证配置( Basic HTTP authentication)