Hi guys,
I am trying to configure authentication using proxy nginx. I am using the
ports 8080 and 8081 for Zeppelin and my nginx.conf is the next one but I am
getting an error. You can see the error at the end of this email.
*user www-data;daemon off;worker_processes 1;error_log
/var/log/nginx/error.log;pid /run/nginx.pid;events {
worker_connections 1024;}http { include /etc/nginx/mime.types;
default_type application/octet-stream; log_format main '$remote_addr
- $remote_user [$time_local] "$request" ' '$status
$body_bytes_sent "$http_referer" ' '"$http_user_agent"
"$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main;
sendfile on; keepalive_timeout 65; # Load modular
configuration files from the /etc/nginx/conf.d directory. # See
http://nginx.org/en/docs/ngx_core_module.html#include
<http://nginx.org/en/docs/ngx_core_module.html#include> # for more
information. include /etc/nginx/conf.d/*.conf; upstream backend {
server 127.0.0.1:8080 <http://127.0.0.1:8080>; } upstream
backendWS { server 127.0.0.1:8081 <http://127.0.0.1:8081>; }
map $http_upgrade $connection_upgrade { default upgrade; ''
close; } server { listen 8080; listen 80;
server_name 127.0.0.1; location / { auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header Upgrade $http_upgrade; proxy_set_header
Connection $connection_upgrade; proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for; proxy_set_header X-Real-IP
$remote_addr; proxy_set_header Host $http_host;
proxy_http_version 1.1; proxy_pass http://backend
<http://backend>; } } server { listen 8081;
server_name 127.0.0.1; location / { proxy_set_header
Upgrade $http_upgrade; proxy_set_header Connection
$connection_upgrade; proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for; proxy_set_header X-Real-IP
$remote_addr; proxy_set_header Host $http_host;
proxy_http_version 1.1; proxy_pass
http://backendWS <http://backendWS>; } }}*
2015/11/17 09:19:56 [alert] 14#0: 1024 worker_connections are not enough
2015/11/17 09:19:56 [error] 14#0: *4077 recv() failed (104: Connection
reset by peer) while reading response header from upstream, client:
127.0.0.1, server: 127.0.0.1, request: "GET /favicon.ico HTTP/1.1",
upstream: "http://127.0.0.1:8080/favicon.ico";, host: "127.0.0.1:8080",
referrer: "http://127.0.0.1:8080/";
2015/11/17 09:24:21 [alert] 14#0: 1024 worker_connections are not enough
2015/11/17 09:24:21 [error] 14#0: *5097 recv() failed (104: Connection
reset by peer) while reading response header from upstream, client:
127.0.0.1, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "
http://127.0.0.1:8080/";, host: "127.0.0.1:8080"
2015/11/17 09:24:22 [alert] 14#0: 1024 worker_connections are not enough
2015/11/17 09:24:22 [error] 14#0: *6116 recv() failed (104: Connection
reset by peer) while reading response header from upstream, client:
127.0.0.1, server: 127.0.0.1, request: "GET /favicon.ico HTTP/1.1",
upstream: "http://127.0.0.1:8080/favicon.ico";, host: "127.0.0.1:8080",
referrer: "http://127.0.0.1:8080/";
Please could you help me with this?
2015-11-10 12:35 GMT+01:00 Fengdong Yu <fengdo...@everstring.com>:
> Oh, thanks, I don’t have any Apache Shiro background, I will dig, thx
>
>
>
>
> On Nov 10, 2015, at 7:22 PM, tog <guillaume.all...@gmail.com> wrote:
>
> Hi Fendong,
>
> It is explicitely mentionned there:
> http://shiro.apache.org/java-authentication-guide.html
>
> Then realm to be used in that case is that one:
>
> https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/realm/ldap/JndiLdapRealm.html
>
> HTH
> Guillaume
>
> On 10 November 2015 at 10:56, Fengdong Yu <fengdo...@everstring.com>
> wrote:
>
>> I don’t find where is LDAP, can you give me a line range, thx
>>
>>
>>
>> On Nov 10, 2015, at 3:01 PM, tog <guillaume.all...@gmail.com> wrote:
>>
>> Well according to Apache Shiro pages, this is exactly what is proposed.
>> For authentication, it supports various data sources: LDAP, AD, JDBC ...
>> What do you want more?
>>
>>
>> On Tuesday, 10 November 2015, Fengdong Yu <fengdo...@everstring.com>
>> wrote:
>>
>>> Yes, looks great,
>>>
>>> but we need a pluggable authentication
>>>
>>>
>>>
>>> On Nov 10, 2015, at 2:58 AM, Jeff Steinmetz <jeffrey.steinm...@gmail.com>
>>> wrote:
>>>
>>> Looks like this is being worked on here:
>>> https://github.com/apache/incubator-zeppelin/pull/53
>>>
>>>
>>> From: Fengdong Yu
>>> Reply-To: <users@zeppelin.incubator.apache.org>
>>> Date: Monday, November 9, 2015 at 4:18 AM
>>> To: <users@zeppelin.incubator.apache.org>
>>> Subject: Re: authentication
>>>
>>> Thanks.
>>>
>>> Authentication should be include:
>>>
>>> 1) Login authentication to authenticate users
>>> 2) notebook authentication to authenticate user only reach own notebooks.
>>>
>>>
>>>
>>>
>>> On Nov 9, 2015, at 2:42 PM, Girish Reddy <gir...@springml.com> wrote:
>>>
>>> We have interest and can help with the development effort. We'll do a
>>> pull request and do some initial prototyping. Let me know if/how we can
>>> collaborate.
>>>
>>> On Sun, Nov 8, 2015 at 8:46 AM, Jeff Steinmetz <
>>> jeffrey.steinm...@gmail.com> wrote:
>>>
>>>> If there is enough interest and developers are into the idea: a
>>>> pluggable auth mechanism would be something to think about. Then the auth
>>>> system could use existing Json Web Tokens (single sign on), JWT via Auth0,
>>>> Stormpath, custom user:password with bcrypt passwords in a database, simple
>>>> authentication with a shared user:password, etc.
>>>>
>>>> Jeff
>>>>
>>>>
>>>> From: Girish Reddy
>>>> Reply-To: <users@zeppelin.incubator.apache.org>
>>>> Date: Saturday, November 7, 2015 at 10:35 PM
>>>> To: <users@zeppelin.incubator.apache.org>
>>>> Subject: Re: authentication
>>>>
>>>> Thank you for the suggestion. What do you think of writing a custom
>>>> auth module that gets executed on NotebookServer "onOpen" method or
>>>> "checkOrigin" methods? I can then restrict unauthorized users from
>>>> accessing the notebooks. Thoughts please?
>>>>
>>>>
>>>>
>>>> On Tue, Nov 3, 2015 at 8:17 AM, moon soo Lee <m...@apache.org> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Currently, Zeppelin does not have authentication.
>>>>> But you can try nice on going work here
>>>>> https://github.com/apache/incubator-zeppelin/pull/53
>>>>> Alternatively, you can use any http proxy in front of Zeppelin for
>>>>> authentication.
>>>>>
>>>>> Thanks,
>>>>> moon
>>>>>
>>>>>
>>>>> On Tue, Nov 3, 2015 at 4:54 PM Girish Reddy <gir...@springml.com>
>>>>> wrote:
>>>>>
>>>>>> Hello:
>>>>>>
>>>>>> What are the options if we wish to secure notebooks with user
>>>>>> authentication?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>> --
>> PGP KeyID: 2048R/EA31CFC9 subkeys.pgp.net
>>
>>
>>
>
>
> --
> PGP KeyID: 2048R/EA31CFC9 subkeys.pgp.net
>
>
>
--
Pablo Torre.
Freelance software engineer and Ruby on Rails developer.
Oleiros (Coruña)
*Personal site <http://www.pablotorrerodriguez.com>*
My blog <http://www.aboutechnologies.com>
