我正在使用 nginx 作为我的 asp.net core web 应用程序的反向代理。我正在使用spnego 模块用于支持 Windows 集成身份验证的 nginx。它可以工作,但如果用户输入了错误的凭据,则不会再次提示凭据?而不是服务器发送响应“401 需要授权”。我该如何解决这个问题?
nginx config:
server {
listen 80;
server_name irm-nginx.irm.local;
auth_gss on;
auth_gss_realm IRM.LOCAL;
auth_gss_format_full on;
auth_gss_keytab /etc/nginx/user.keytab;
auth_gss_service_name HTTP/irm-nginx.irm.local;
location / {
#root /usr/share/nginx/html;
#index index.html index.htm;
proxy_pass http://irmweb:80;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-User $remote_user;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
答案1
您可以使用变量和一些检查来绕过 POST 或某些页面上的缓存。例如:
在您的服务器块中:
# Caching
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $skip_cache 1;
}
然后在启用缓存的位置块中添加以下内容:
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
上面的例子适用于 WordPress,但您可以对其进行调整以适用于您的应用程序。