按照url路徑劃分不同業務組的應用
例如nginx日誌顯示:
"POST/elasticsearch/logstash-ceshi-1*/_field_stats?level=indices HTTP/1.1" 401195 "http://192.168.6.3:9999/app/kibana" "Mozilla/5.0 (WindowsNT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
"POST /elasticsearch/logstash-ceshi-2*/_field_stats?level=indicesHTTP/1.1" 200 266 "http://192.168.6.3:9999/app/kibana""Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101Firefox/51.0"
假如:
允許wangdd,wangzz,wangxx訪問/路徑
允許wangdd訪問logstash-ceshi-1*索引
允許wangzz 訪問logstash-ceshi-2*索引
設置三個文件分配:/使用site_pass_2認證文件,記錄三人用戶密碼允許三人全部訪問
logstash-ceshi-1*使用site_pass1認證文件,允許wangzz訪問
logstash-ceshi-2*使用site_pass認證文件,允許wangdd訪問
命令:
創建文件並添加首個用戶
htpasswd -c /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangxx
New password:
Re-type new password:
Adding password for user wangxx
追加一個用戶到文件
htpasswd -b /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangzz password
Adding password for user wangzz
追加第二個用戶到文件
htpasswd -b /mapbar/app/nginx-1.2.2/conf/site_pass_2 wangdd password
Adding password for user wangdd
三個文件創建完後效果
site_pass_2訪問/路徑用的認證文件
cat /mapbar/app/nginx-1.2.2/conf/site_pass_2
wangzz:wi6auciO1xX5c
wangxx:cPmyh4wFDQ9xg
site_pass_1訪問logstash-ceshi-1*索引用的認證文件
cat /mapbar/app/nginx-1.2.2/conf/site_pass_1
wangzz:B61OxHybX4H.A
site_pass訪問logstash-ceshi-2*索引用的認證文件
cat /mapbar/app/nginx-1.2.2/conf/site_pass
wangdd:YDgPa.WUDLqp.
Nginx location匹配
location /
{
proxy_pass http://192.168.6.3:5601;
auth_basic "userpassword";
auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass_2;
}
location ^~ /elasticsearch/logstash-ceshi-1*/
{
proxy_pass http://192.168.6.3:5601;
auth_basic "userpassword";
auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass_1;
}
location ^~ /elasticsearch/logstash-ceshi-2*/
{
proxy_pass http://192.168.6.3:5601;
auth_basic "userpassword";
auth_basic_user_file /mapbar/app/nginx-1.2.2/conf/site_pass;
}
配完成後重啓nginx
驗證:
當用wangxx訪問首頁時通過
當進入默認logstash-ceshi-1*索引,由於wangxx權限不足需要再次認證
輸入wangzz後,權限滿足
當進入logstash-ceshi-2*時由於wangzz權限不足再次需要認證。
輸入相應權限wangdd
進入logstash-ceshi-2*