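Symptoms:
1) Accessing the URL http://almcs.test.cebbank.com:22180/bpm-mobile or http://almzsc.test.cebbank.com:22180/bpm-mobile from the Internet shows the login page, which asks for a user name and password. After the user enters them and clicks the login button, nothing happens.
2) The nginx logs/access.log in the DMZ shows requests failing with status code 401.
3) The project team reported that the application code strictly validates client_id [proxy_set_header client_id $http_client_id;]: a client_id must be supplied, otherwise access is refused.
Root cause:
When forwarding, NGINX does not recognize parameters whose names contain an underscore "_". The underscores in client_id, client_secret, Content_type and access_token in the server configuration are all lost when nginx forwards the request, and the backend code only sees the first half of each name (client, client, Content, access) when parsing. As a result the browser cannot log in, and the access log shows the 401 status code.
Solution:
Add underscores_in_headers on; to the nginx http block.
Verification:
http://almcs.test.cebbank.com:22180/bpm-mobile or http://almzsc.test.cebbank.com:22180/bpm-mobile shows the login page and asks for a user name and password; after the user enters them and clicks the login button, login succeeds and the site is accessible.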
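The following is an added example, not part of the original note or of nginx itself: a small Python model of nginx's documented header handling, showing why the proxy_set_header lines for client_id, client_secret and access_token send nothing upstream until underscores_in_headers is on. By default (underscores_in_headers off, ignore_invalid_headers on) nginx treats a request header whose name contains an underscore as invalid and ignores it, and a proxy_set_header whose value is empty is not sent. The function names and the sample request are assumptions made for illustration.

```python
import re

def accepted_headers(headers, underscores_in_headers=False, ignore_invalid_headers=True):
    """Client headers nginx keeps. Valid names are letters, digits and hyphens,
    plus underscores only when underscores_in_headers is on."""
    allowed = r"[A-Za-z0-9\-_]+" if underscores_in_headers else r"[A-Za-z0-9\-]+"
    kept = {}
    for name, value in headers.items():
        # An invalid name is dropped only while ignore_invalid_headers is on.
        if re.fullmatch(allowed, name) or not ignore_invalid_headers:
            kept[name] = value
    return kept

def http_var(kept, var):
    """Resolve $http_<name>: the header name is lowercased and '-' becomes '_'."""
    for name, value in kept.items():
        if "http_" + name.lower().replace("-", "_") == var:
            return value
    return ""

def upstream_headers(client_headers, proxy_set_header, **directives):
    """Headers produced by the proxy_set_header lines only (the model does not
    cover pass-through of other request headers). Empty values are not sent."""
    kept = accepted_headers(client_headers, **directives)
    out = {}
    for name, var in proxy_set_header.items():
        value = http_var(kept, var)
        if value:
            out[name] = value
    return out

# Constructed sample request; header names match the /api/ location in scf_alm.conf.
CLIENT = {"Host": "example.test", "client_id": "demo-id",
          "client_secret": "demo-secret", "access_token": "demo-token"}
RULES = {"client_id": "http_client_id", "client_secret": "http_client_secret",
         "access_token": "http_access_token"}

if __name__ == "__main__":
    print("underscores_in_headers off:", upstream_headers(CLIENT, RULES))
    print("underscores_in_headers on: ",
          upstream_headers(CLIENT, RULES, underscores_in_headers=True))
```

Note that http_var resolves both Client-Id and client_id to $http_client_id. Backends that map headers to CGI-style variables see the same ambiguity once underscores are allowed, so renaming the headers to hyphenated forms avoids the need for the directive.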
Contents of the vhosts/scf_alm.conf configuration file:
# Test environment
# SCF-M-ALM - Sunshine Consumer asset-liability management system, outbound access F5: 192.168.113.40
server {
    listen 22381;
    location / {
        proxy_pass https://ird-api-dev.ebchina.com;
        index index.html index.htm login.html;
    }
}
# SCF-M-ALM - Sunshine Consumer asset-liability management system, inbound access F5: 10.200.63.200
server {
    listen 22380;
    location / {
        proxy_pass http://10.200.63.200:22380;
        index index.html index.htm login.html;
    }
}
# Pre-production environment
# SCF-M-ALM - Sunshine Consumer asset-liability management system, outbound access F5: 192.168.113.40
server {
    listen 22181;
    location / {
        proxy_pass https://ird-api-dev.ebchina.com;
        index index.html index.htm login.html;
    }
}
# SCF-M-ALM - Sunshine Consumer asset-liability management system, inbound access F5: 10.200.63.200
server {
    listen 22180;
    location /bpm-mobile {
        # proxy_pass http://10.200.63.200:22180;
        proxy_pass http://15.5.71.56:22180;
        index index.html index.htm login.html;
    }
    location /api/ {
        index index.php index.html index.htm index.shtml index.jsp;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded_Proto $scheme;
        proxy_set_header client_id $http_client_id;
        proxy_set_header client_secret $http_client_secret;
        proxy_set_header Content_type $content_type;
        proxy_set_header access_token $http_access_token;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://15.5.71.52:9000/;
    }
}
Contents of the nginx.conf file:
worker_processes 4;
error_log logs/error.log error;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    server_tokens off;
    keepalive_timeout 65;
    underscores_in_headers on;
    include vhosts/*.conf;
}