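I have an AWS OpenSearch domain in a VPC network. I am using an Nginx reverse proxy to access OpenSearch Dashboards (Kibana). My current setup works fine.
I tried to set up SAML authentication with Okta, but I get the following error: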
"statusCode":500,"error":"Internal Server Error","message":"Internal Error"
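I am using the following configuration in Okta:
SSO URL: https://PROXY-URL/_plugin/kibana/_opendistro/_security/saml/acs
When trying to access OpenSearch through the proxy URL, the user is redirected to the Okta authentication page as expected. After entering the authentication code, the redirect URL points to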
**https://PROXY-URL/_plugin/kibana/_opendistro/_security/saml/acs**
However, instead of reaching OpenSearch Kibana, I get an internal server error with the following message:
statusCode":500,"error":"Internal Server Error","message":"Internal Error"
My Nginx configuration is as follows:
```nginx
server {
    server_name my-proxy-domain.com;
    root /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /_plugin/kibana {
        proxy_pass https://OpenSearch-Domain-xxxxxxxxxx.xxxxxxxEndpoint.com/_plugin/kibana;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_buffering off;
        proxy_ssl_verify off;
    }

    location / {
        return 403;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/kxxxxxxxxxx.xxxxxxx..com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/kxxxxxxxxxx.xxxxxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```
I have set up SAML Okta authentication with the Nginx proxy. I created an EC2 Windows instance inside the same VPC, and it works fine.