Nginx+Lua实现Grafana集成SSO

基本思路

Grafana开auth.proxy, Nginx+Lua控制cookie及X-WEBAUTH-USER的值 (Enable auth.proxy in Grafana, Then use Nginx+Lua to control cookie and value of X-WEBAUTH-USER).

架构图

环境配置

  • Download and install LuaJIT
  • Install Tengine 2.2.1 with configure option --with-http_lua_module --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"
  • Download and compile lua-cjson, then copy cjson.so to lib dir. Such as /usr/lib64/lua/5.1/

Nginx配置

Main Configuration

Access With Out SSO

某种情况下可能不想挑转到sso去认证,比如某个公共的本地账号。这时可以通过Nginx配置绕过SSO认证(Sometimes we may want to login with out SSO, such as a local grafana account for public use. For this situation, we can use Nginx to bypass SSO)

Full Code

参考资料




本文遵从CC版权协定,转载请以链接形式注明出处。
本文链接地址: http://www.annhe.net/article-3551.html
  1. 重定向至登录前页面:1. sso的next参数改为 http://grafana/?uri={ngx.var.uri} 来记录跳转到sso之前的请求uri2. 认证过了之后,先设置cookie,然后 ngx.redirect('http://grafana' .. args['uri']),最后调用 Login(user)函数