【问题标题】:Reverse Proxy Apche2.4 how to enable google authentication反向代理Apache2.4如何启用google认证
【发布时间】:2020-02-11 13:46:21
【问题描述】:

我正在尝试在安装在 CentOS7 上的 Apache 2.4 反向代理上启用 google 身份验证。 我安装了 mod_auth_openidc 我在 GSUITE 控制台上创建了 OAuth 2.0 客户端 ID

这是我的/etc/httpd/conf/http.conf

<VirtualHost mtest.mydomain.com:80>    
  ServerName mtest.mydomain.com
  OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration    
  OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
  OIDCClientSecret xxxxxxxxxxxxxxxxxxxxxxxx
  OIDCRedirectURI https://mtest.mydomain.com/    
  OIDCScope "profile openid"    
  OIDCCryptoPassphrase example@3003    
  OIDCCookiePath /    
  OIDCAuthNHeader X-Forwarded-User    
  OIDCRemoteUserClaim sub    
  OIDCClaimPrefix example_

<Location />
  AuthType openid-connect
  Require valid-user    
</Location>

 Redirect / https://mtest.mydomain.com/  

</VirtualHost> <VirtualHost mtest.mydomain.com:443>   
  ServerName mtest.mydomain.com   
  SSLEngine on   
  SSLCertificateFile /etc/httpd/ssl/mydomain.com.crt   
  SSLCertificateKeyFile /etc/httpd/ssl/mydomain.com.key   
  SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt   
</VirtualHost>

但是当我输入网址时:http://mtest.mydomain.com 我没有重定向到谷歌身份验证页面。

我的错误在哪里?

【问题讨论】:

    标签: apache google-app-engine reverse-proxy google-authentication


    【解决方案1】:

    我是这样解决的:

    ProxyRequests off
    
    <Proxy *>
            Order deny,allow
            Deny from all
            Allow from all 
    </Proxy> ProxyTimeout 300
    
    <VirtualHost test.mydomain.com:80>    
       ServerName test.mydomain.com    
       Redirect / https://test.mydomain.com/ 
    </VirtualHost>
    
    <VirtualHost test.mydomain.com:443>
            ServerName test.mydomain.com
            SSLEngine on
            SSLCertificateFile /etc/httpd/ssl/mydomain.crt
            SSLCertificateKeyFile /etc/httpd/ssl/mydomain.key
            SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
    
    
    OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
    OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com   
    OIDCClientSecret xxxxxxxxxxxxxxxxxxxxx   
    OIDCRedirectURI https://test.mydomain.com/home.html   
    OIDCScope "profile openid"   
    OIDCCryptoPassphrase example@3003   
    OIDCCookiePath /   
    OIDCAuthNHeader X-Forwarded-User   
    OIDCRemoteUserClaim sub   
    OIDCClaimPrefix example_
    <Location />   
        AuthType openid-connect   
        Require valid-user </Location>
    
        ProxyPreserveHost On
        ProxyPass / http://192.168.1.1/
        ProxyPassReverse / http://192.168.1.1/ 
    </VirtualHost>
    

    【讨论】:

      猜你喜欢
      • 2019-05-06
      • 2017-06-15
      • 1970-01-01
      • 2011-05-21
      • 2013-01-28
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2017-07-05
      相关资源
      最近更新 更多