Separating the applications of different business groups by URL path
For example, the nginx access log shows:
"POST /elasticsearch/logstash-ceshi-1*/_field_stats?level=indices HTTP/1.1" 401 195 "http://192.168.6.3:9999/app/kibana" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
"POST /elasticsearch/logstash-ceshi-2*/_field_stats?level=indices HTTP/1.1" 200 266 "http://192.168.6.3:9999/app/kibana" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
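Suppose:
wangdd, wangzz and wangxx are allowed to access the / path
wangdd is allowed to access the logstash-ceshi-1* index
wangzz is allowed to access the logstash-ceshi-2* index
Set up three password files: / uses the site_pass_2 file, which holds the passwords of all three users so that all three can access it
logstash-ceshi-1* uses the site_pass_1 file and allows wangzz
logstash-ceshi-2* uses the site_pass file and allows wangdd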
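Commands:
Create the file and add the first user (-c creates the file; the password is prompted for)
htpasswd -c /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangxx
New password:
Re-type new password:
Adding password for user wangxx
Append a user to the file (-b takes the password from the command line, so it is recorded in shell history)
htpasswd -b /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangzz password
Adding password for user wangzz
Append a second user to the file
htpasswd -b /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangdd password
Adding password for user wangdd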
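Result once the three files have been created
site_pass_2: the authentication file used for the / path
cat /mapbar/app/nginx-1.2.2/conf/site_pass_2
wangzz:B61OxHybX4H.A
site_pass: the authentication file used for the logstash-ceshi-2* index
cat /mapbar/app/nginx-1.2.2/conf/site_pass
wangdd:YDgPa.WUDLqp.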
Nginx location matching
# Kibana UI and every path not matched below: any user in site_pass_2
location /
{
    proxy_pass http://192.168.6.3:5601;
    auth_basic "userpassword";
    auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass_2;
}
# "^~" is a prefix match; the "*" is matched literally, as Kibana sends it in the URL
location ^~ /elasticsearch/logstash-ceshi-1*/
{
    proxy_pass http://192.168.6.3:5601;
    auth_basic "userpassword";
    auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass_1;
}
location ^~ /elasticsearch/logstash-ceshi-2*/
{
    proxy_pass http://192.168.6.3:5601;
    auth_basic "userpassword";
    auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass;
}
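After the configuration is complete, restart nginx
Verification:
Accessing the home page as wangxx succeeds
On entering the default logstash-ceshi-1* index, wangxx lacks permission, so authentication is requested again
After entering wangzz, the permission is sufficient
On entering logstash-ceshi-2*, wangzz lacks permission, so authentication is requested again.
Enter wangdd, which has the required permission
logstash-ceshi-2* opens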
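The three location blocks above are prefix matches, so the following added example (not part of the original page) models which user file nginx applies to a given request path, letting the per-index restriction be checked against the paths that actually reach the proxy. The matching model is a simplification and every sample path except the two taken from the access log is constructed.

```python
from urllib.parse import unquote, urlsplit

CONF = "/mapbar/app/nginx-1.2.2/conf/"
# Prefix locations from the nginx config on this page -> auth_basic_user_file.
LOCATIONS = {
    "/": CONF + "site_pass_2",
    "/elasticsearch/logstash-ceshi-1*/": CONF + "site_pass_1",
    "/elasticsearch/logstash-ceshi-2*/": CONF + "site_pass",
}

def user_file_for(request_target):
    """Return the user file nginx would apply to a request target.

    Simplified model (assumption): strip the query string, percent-decode
    the path, then pick the longest matching location prefix. The '*' is
    compared as an ordinary character. Slash merging and dot-segment
    handling are not modelled, and the config has no regex locations.
    """
    path = unquote(urlsplit(request_target).path)
    best = max((p for p in LOCATIONS if path.startswith(p)), key=len)
    return LOCATIONS[best]

# Request targets: the first two are from the access log on this page,
# the rest are constructed for illustration.
SAMPLES = [
    "/elasticsearch/logstash-ceshi-1*/_field_stats?level=indices",
    "/elasticsearch/logstash-ceshi-2*/_field_stats?level=indices",
    "/app/kibana",
    "/elasticsearch/logstash-ceshi-1%2A/_search",
    "/elasticsearch/logstash-ceshi-1-2017.02.01/_search",
    "/elasticsearch/_msearch",
]

def coverage_report(targets=SAMPLES):
    """Map each request target to the basename of its user file."""
    return {t: user_file_for(t).rsplit("/", 1)[1] for t in targets}

if __name__ == "__main__":
    for target, name in coverage_report().items():
        print(f"{name:12} {target}")
```

Any path reported under site_pass_2 is open to all three users, so the report is worth comparing with the request paths seen in the nginx access log.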