Re: Shiro over Nginx

Thu, 29 Nov 2018 13:11:44 -0800 

I believe I do what you are attempting.  NGINX reverse proxy (and SSL
termination) and shiro users (i.e. not NGINX users).
Here is the NGINX config that works here.

Our arch is:   {Internet}--443-->[NGINX]==6800==>[zeppelin]


        server_name  zeppelin.OURDOMAIN.com;
        ssl_certificate /etc/certs/www.OURDOMAIN.com/fullchain.cer;
        ssl_certificate_key /etc/certs/www.OURDOMAIN.com/www.ogt11.com.key;
        location / {
            proxy_pass       http://zeppelin.INTERNAL.OURDOMAIN.net:6800;
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $proxy_protocol_addr;
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        }
        location /ws {
            proxy_pass       http://zeppelin.INTERNAL.OURDOMAIN.net:6800;
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $proxy_protocol_addr;
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
            proxy_http_version 1.1;
            proxy_set_header Upgrade websocket;
            proxy_set_header Connection upgrade;
            proxy_read_timeout 86400;
        }


On Thu, Nov 29, 2018 at 9:22 AM Abhi Basu <[email protected]> wrote:

> So, if I want to use nginx only for reverse proxy and shiro for Zeppelin
> authentication, do I not need to do step 3:
> https://zeppelin.apache.org/docs/0.6.2/security/authentication.html
>
> Thanks.
>
> On Thu, Nov 29, 2018 at 5:16 AM Xun Liu <[email protected]> wrote:
>
>> hi,Abhi Basu
>>
>> First you need to explain your deployment:
>> How many zeppelin-servers do you have through nginx reverse proxy?
>>
>> 1)If there is only one zeppelin service, you can refer to the link below
>> for configuration.
>> https://zeppelin.apache.org/docs/0.6.2/security/authentication.html
>> We can use this nginx reverse proxy configuration and shiro, zeppelin
>> services are normal.
>>
>> 2)If it is multiple zeppelin services, you need to set it in nginx
>> configure, each user fixed agent to fix to zeppelin service,  Otherwise the
>> user will float on multiple zeppelin services.
>>
>> Hope it helps you :-)
>>
>>
>> 在 2018年11月28日,下午11:02,Abhi Basu <[email protected]> 写道:
>>
>> We have a CDH cluster which has Zeppelin 0.8.0 installed on it. We
>> enabled  basic authentication using Shiro. When we used Nginx for reverse
>> proxy, Zeppelin site loads fine, and once we log in (using Shiro users), we
>> dont see the Notebooks created by that user earlier. Would Nginx not work
>> with Shiro, or am I missing something?
>>
>> Thanks,
>>
>> Abhi
>>
>> --
>> Abhi Basu
>>
>>
>>
>
> --
> Abhi Basu
>

Reply via email to