Authentication parameters are not passed through when proxying WebSocket #27

Closed
dddddddddd000nnnnnnnnnn opened this issue Apr 18, 2023 · 13 comments

@dddddddddd000nnnnnnnnnn

dddddddddd000nnnnnnnnnn commented Apr 18, 2023

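I'm using the WAF to proxy the Synology console port, and access from a phone gets stuck at loading. I tested with ModSecurity, an open-source product of the same kind, and adding the proxy parameters in nginx made it accessible. I hope Chaitin can support configuring proxy parameters for WebSocket.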
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

@zclaiqcc
Collaborator

zclaiqcc commented Apr 18, 2023

OK these params will be added in the next release.

@zclaiqcc
Collaborator

Hm, I just looked at the nginx conf, and it seems these two parameters are already there? Could you take a look at /path/to/safeline-ce/resources/nginx/proxy_params

@dddddddddd000nnnnnnnnnn
Author

What I see at the moment is that these two parameters are commented out. Will they take effect if I uncomment them and rebuild the container?

@zclaiqcc
Collaborator

XFF is included in the server block, so it is commented out here. Take a look at /path/to/safeline-ce/resources/nginx/site-enabled/IF_backend_xxx

@dddddddddd000nnnnnnnnnn
Author

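I opened the configuration file at that path, and indeed there is only XFF. If XFF is already included, then what may be failing is proxy_set_header Host. Can I change its parameter from $host_fixed to $host? Would that have any other effects?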

@zclaiqcc
Collaborator

You can first try changing proxy_params to $host. What kind of effects do you mean? Since an nginx reload is needed, traffic might be interrupted?

@dddddddddd000nnnnnnnnnn
Author

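Following your guidance, I modified the parameter and restarted the container. The container currently shows as healthy and the WAF management console is accessible as normal, but none of the proxy settings take effect, and the business pages cannot be accessed.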

@dddddddddd000nnnnnnnnnn
Author

After restoring the settings, the WAF functionality returned to normal.

@zclaiqcc
Collaborator

So you mean that with the default settings restored, the WebSocket proxy is working too?

@dddddddddd000nnnnnnnnnn
Author

WebSocket is not working. The problem remains.

@zclaiqcc
Collaborator

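> Following your guidance, I modified the parameter and restarted the container. The container currently shows as healthy and the WAF management console is accessible as normal, but none of the proxy settings take effect, and the business pages cannot be accessed.

The nginx conf change here is wrong. It should not be include $host, but proxy_set_header $host;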

@zclaiqcc
Collaborator

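I think you can try:

  1. First comment out proxy_set_header Host in the proxy_params file
  2. Manually set proxy_set_header Host donn.com.cn; in IF_backend_2
  3. reload nginx
     • docker exec safeline-tengine nginx -t
     • docker exec safeline-tengine nginx -s reload

Then see whether accessing https://:5001 reaches the business service.

Please also confirm: I see the upstream server is configured as 192.168.11.11:5001; the WAF IP isn't 192.168.11.11, is it? In other words, the WAF and the business server aren't on the same machine, are they? If they are on the same machine, the ports will conflict.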

dddddddddd000nnnnnnnnnn closed this as not planned Apr 20, 2023

@Trenck

Trenck commented Aug 10, 2023

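I'm using version 2.5, and in this version the configuration file has an additional include custom_params/backend_x;
It looks like some custom configuration can be put in this file.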
