Обратный прокси-сервер Apache с кросс-доменными запросами (CORS): CentOS 7 / внедрение SSO (единый вход) - PullRequest
/ 10 апреля 2020

Я использую обратный прокси-сервер Apache (2.4.23) (192.168.1.208) на CentOS 7.2 для кросс-доменных запросов (CORS), чтобы можно было передавать файлы cookie с одного домена на другой.

Наше приложение (расположено на 192.168.1.210) использует Splunk Java SDK для отправки запроса (http://192.168.0.208/splunk) на сервер Apache (192.168.0.208). Обратный прокси-сервер Apache перенаправляет запрос на сервер Splunk, который прослушивает порт 8000 на том же сервере. Цель состоит в том, чтобы передавать файлы cookie также на сервер Splunk (192.168.0.208:8000) для реализации единого входа (SSO). Но мне не удалось передать cookie на сервер Splunk.

Наша конфигурация httpd.conf выглядит следующим образом:

# Apache httpd.conf as posted. Relative paths below ("logs/...", "conf/...") resolve under ServerRoot.
ServerRoot "/usr/local/apache"

# Plain HTTP only: there is no "Listen 443" and mod_ssl is not among the LoadModule lines, so the
# cookies and the REMOTE-USER header travel in cleartext between the clients and this proxy.
Listen 80

# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
# mod_access_compat provides the 2.2-style "Order"/"Allow from" directives used further down and in
# httpd-vhosts.conf; "Require" (mod_authz_core) is the 2.4-native form and already covers those cases.
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
# mod_headers supplies "Header"/"RequestHeader" (CORS headers and REMOTE-USER in the vhost).
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
# Proxy modules. Only mod_proxy + mod_proxy_http are needed for the /splunk ProxyPass in
# httpd-vhosts.conf; proxy_connect, proxy_ftp and proxy_ajp appear unused in the shown configuration
# (NOTE(review): confirm) and can be removed to reduce surface.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
# mod_rewrite is used in the vhost to copy the "ssouser" cookie value into an environment variable.
LoadModule rewrite_module modules/mod_rewrite.so

# Worker processes drop to an unprivileged account.
<IfModule unixd_module>
   User apache
   Group apache
</IfModule>

ServerAdmin you@example.com

# The server identifies itself by IP address rather than by a hostname.
ServerName 192.168.1.208:80

# Default-deny for the whole filesystem; access is granted per directory below.
# NOTE(review): "AllowOverride All" on "/" lets any readable .htaccess change settings; "None" is the
# usual baseline here, with overrides enabled only where needed.
<Directory />
    AllowOverride All
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache/htdocs"
# "Indexes" enables automatic directory listings for htdocs whenever no index.html exists
# (information disclosure if unintended); drop it unless listings are required.
<Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# Never serve .htaccess/.htpasswd files.
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

# "debug" is very verbose; with mod_rewrite and mod_proxy at this level the error_log may record
# request details (possibly including the ssouser cookie value tested in the vhost). Use "warn" or
# "info" outside of troubleshooting.
LogLevel debug
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    # Only the "common" format is written; the Referer/User-Agent fields of "combined" are not
    # retained, which limits what access_log can show during an investigation.
    CustomLog "logs/access_log" common

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

# Virtual hosts (the /splunk reverse-proxy block lives in this included file)
Include conf/extra/httpd-vhosts.conf

<IfModule proxy_html_module>
    Include conf/extra/proxy-html.conf
</IfModule>

# Evaluated only if mod_ssl is loaded, which it is not in the module list above.
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

# 2.2-style access control (needs mod_access_compat, loaded above); opens /api/move to every client.
# Not related to the /splunk proxy; NOTE(review): its purpose is not visible in this configuration.
<location /api/move >
    Order deny,allow
    Allow from all
</location>

httpd-vhost.conf

# Reverse-proxy vhost: /splunk -> Splunk Web on port 8000 of the same host.
<VirtualHost *:80>
    # Forward proxying stays disabled; only the explicit ProxyPass below is served.
    ProxyRequests Off
    # The backend receives the client's original Host header instead of 192.168.1.208:8000.
    ProxyPreserveHost On

    <Location "/splunk">
        # NOTE(review): AllowOverride is a <Directory>-context directive and httpd normally rejects it
        # inside <Location> ("not allowed here") — check with `httpd -t`. "Indexes"/"FollowSymLinks"
        # have no effect on a proxied location.
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        # CORS: a wildcard origin cannot be combined with credentials. Browsers only send cookies on a
        # cross-origin request and expose its response when Access-Control-Allow-Origin echoes one
        # specific origin AND Access-Control-Allow-Credentials is "true" — neither is configured here.
        # "*" also lets any web site call this endpoint, so prefer an allow-list of the application's
        # own origin(s).
        Header set Access-Control-Allow-Origin *
        Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
        # Browsers attach Cookie on credentialed requests without it being listed here, but any custom
        # header the SDK sends must be named in this list or the preflight fails.
        Header set Access-Control-Allow-Headers "Content-Type"

        # 2.2-style duplicate of "Require all granted" above (needs mod_access_compat).
        Order deny,allow
        Allow from all
        # Copy the value of the "ssouser" cookie into environment variable RU ...
        RewriteEngine on
        RewriteCond %{HTTP_COOKIE} ssouser=([^;]+) [NC]
        RewriteRule .* - [E=RU:%1]
        # ... and forward it to Splunk as the SSO user header (web.conf: remoteUser = REMOTE-USER).
        # SECURITY: the cookie is client-supplied and is never validated here, so whoever can reach this
        # proxy decides which Splunk user the request is attributed to; Splunk trusts the header from
        # trustedIP. Derive REMOTE-USER from a session that Apache itself has authenticated (its
        # authn/authz modules are loaded) rather than from a raw cookie value.
        # When the cookie is absent, RU is unset and mod_headers still sends the header with a
        # placeholder value ("(null)") instead of omitting it — verify in Splunk's web_access.log and
        # use "RequestHeader unset REMOTE-USER" (or an env= condition) for that case.
        RequestHeader set REMOTE-USER %{RU}e

        # Backend hop is plain HTTP on the same host; cookies and REMOTE-USER stay in cleartext there.
        # ProxyPassReverse only fixes Location/Content-Location/URI response headers; cookie Domain/Path
        # are not rewritten (ProxyPassReverseCookieDomain/Path), which should be fine as the path is
        # the same /splunk on both sides — NOTE(review): confirm the Set-Cookie path Splunk emits.
        ProxyPass http://192.168.1.208:8000/splunk
        ProxyPassReverse http://192.168.1.208:8000/splunk
    </location>
</VirtualHost>

В Splunk у меня есть два файла конфигурации, server.conf и web.conf, в папке /opt/splunk/etc/system/local/.

server.conf

# Splunk server.conf ($SPLUNK_HOME/etc/system/local/server.conf) as posted.
[general]
# SSO: splunkd honours the remoteUser header only on requests arriving from this address, so it must
# be the source IP Apache actually connects from. Because the ProxyPass target (192.168.1.208:8000)
# is on the same host, the connection may originate from 192.168.1.208 or from 127.0.0.1 depending
# on routing — NOTE(review): confirm the address seen in Splunk's web_access.log and use that one.
trustedIP = 192.168.1.208
serverName = Splunk_Core_02
# SECRET: "$7$..." values are encrypted with this instance's splunk.secret, not hashed, and are
# recoverable by anyone holding that file. Treat as sensitive and rotate if they have been shared
# (for example by pasting this file into a public post).
pass4SymmKey = $7$RRvdYDdIlj4P2geQdtHluTRb7OfvZhTFTZGJ7z5JiZAkJ6Q1at6j0Q==
# NOTE(review): 30 seconds is a very short splunkd session lifetime and may contribute to sessions
# vanishing between requests — confirm the intended value.
sessionTimeout = 30s

[sslConfig]
# SECRET: same remark as pass4SymmKey above.
sslPassword = $7$m6pB5a0PWFg64VlNZGgunhGElO3qLiAc6NrhfLO+tpX2jR7WC7qm1Q==

# License pool definitions below are unrelated to SSO or the reverse proxy.
[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free

[license]
active_group = Enterprise

[diskUsage]
minFreeSpace = 1024

[lmpool:test_splunk]
quota = MAX
slaves = *
stack_id = enterprise

web.conf

#   Version 7.2.4
# Splunk web.conf ($SPLUNK_HOME/etc/system/local/web.conf) as posted. Only the SSO-, proxy- and
# security-relevant settings are annotated; the rest are left as they were.

[default]


[settings]
#SSO
# "permissive": SSO is applied to requests that come from trustedIP and carry the remoteUser header,
# while the normal login form stays available for everything else ("strict" would refuse non-SSO
# access) — per Splunk documentation; confirm for this version.
SSOMode = permissive
# Must be the proxy's connecting address and must agree with server.conf [general] trustedIP
# (allowSsoWithoutChangingServerConf = 0 below requires both to be set).
trustedIP = 192.168.1.208
# Name of the request header carrying the authenticated user — the one Apache sets via RequestHeader.
# Splunk does not create accounts from it: the named user must already exist or be mapped in Splunk.
remoteUser = REMOTE-USER
# NOTE(review): Splunk Web sits behind a reverse proxy here; this CherryPy switch controls whether
# X-Forwarded-* headers are honoured for building redirect URLs — check whether it needs to be True.
tools.proxy.on = False

# Served under /splunk, matching the ProxyPass path on the Apache side.
root_endpoint = /splunk

# Splunk Web speaks plain HTTP. See tools.sessions.secure further down: that flag marks the session
# cookie "Secure", and browsers / standards-conforming HTTP clients will not return a Secure cookie
# over http://, so with SSL disabled the session cookie is effectively lost — a likely reason the
# cookie "cannot be found". Prefer enabling TLS end to end (here and on Apache) over dropping the flag.
enableSplunkWebSSL = 0

httpport = 8000

# Management port bound to loopback only — keep it that way.
mgmtHostPort = 127.0.0.1:8089

appServerPorts = 8065

splunkdConnectionTimeout = 30

enableSplunkWebClientNetloc = False

# TLS material and policy below only take effect once enableSplunkWebSSL is turned on.
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem


sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ecdhCurves = prime256v1, secp384r1, secp521r1

# external UI URIs
userRegistrationURL = https://www.splunk.com/page/sign_up
updateCheckerBaseURL = https://quickdraw.splunk.com/js/
docsCheckerBaseURL = https://quickdraw.splunk.com/help


showProductMenu = False
productMenuLabel = My Splunk
showUserMenuProfile = False
productMenuUriPrefix = https://splunkcommunities.force.com

# Clickjacking protection for the UI (X-Frame-Options: SAMEORIGIN).
x_frame_options_sameorigin = True

# 0 = remote user / group names from the SSO header are not required to match exactly
# (case-insensitive matching per Splunk docs — confirm for this version).
remoteUserMatchExact = 0
remoteGroupsMatchExact = 0
remoteGroupsQuoted = True

# 0 = server.conf must also declare trustedIP (it does).
allowSsoWithoutChangingServerConf = 0
static_endpoint = /static
static_dir = share/splunk/search_mrsparkle/exposed
testing_endpoint = /testing
testing_dir = share/splunk/testing

rss_endpoint = /rss
embed_uri =
embed_footer = splunk>
template_dir = share/splunk/search_mrsparkle/templates
module_dir = share/splunk/search_mrsparkle/modules
enable_gzip = True

use_future_expires = True

flash_major_version = 9
flash_minor_version = 0
flash_revision_version = 124

enable_proxy_write = True

js_logger_mode = None
js_logger_mode_server_end_point = util/log/js
js_logger_mode_server_poll_buffer = 1000
js_logger_mode_server_max_buffer = 100

ui_inactivity_timeout = 60

# The login form is accepted over plain HTTP; while enableSplunkWebSSL = 0 user credentials cross the
# network unencrypted.
enable_insecure_login = True

simple_error_page = False

cacheBytesLimit = 4194304
cacheEntriesLimit = 16384
staticCompressionLevel = 9

# Browser autocomplete disabled on the login form.
enable_autocomplete_login = False

verifyCookiesWorkDuringLogin = True

login_content =

enabled_decomposers = plot

minify_js = True
minify_css = True

trap_module_exceptions = True
enable_pivot_adhoc_acceleration = True
pivot_adhoc_acceleration_mode = Elastic

jschart_test_mode = False
jschart_truncation_limit.chrome = 50000
jschart_truncation_limit.firefox = 50000
jschart_truncation_limit.safari = 50000
jschart_truncation_limit.ie11 = 50000
jschart_series_limit = 100
jschart_results_limit = 10000

choropleth_shape_limit = 10000

# Inline styles and iframes allowed in dashboard HTML; this widens the script/markup injection surface
# of dashboards — keep only if dashboards genuinely need it.
dashboard_html_allow_inline_styles = true
dashboard_html_allow_iframes = true

max_view_cache_size = 1000
pdfgen_is_available = 1
listenOnIPv6 = no

log.access_file = web_access.log
log.access_maxsize = 25000000
log.access_maxfiles = 5
log.error_maxsize = 25000000
log.error_maxfiles = 5
log.screen = True
# Stack traces are returned to clients on errors — useful while debugging, disable in production.
request.show_tracebacks = True
tools.sessions.on = True
# NOTE(review): Splunk documents this value in minutes; 1 is very short and may explain sessions
# disappearing between requests — confirm the intended value.
tools.sessions.timeout = 1
tools.sessions.restart_persist = True
# HttpOnly keeps the session cookie out of reach of page scripts.
tools.sessions.httponly = True
# Secure flag on the session cookie — incompatible with enableSplunkWebSSL = 0 above (see there).
tools.sessions.secure = True
tools.sessions.forceSecure = False
response.timeout = 7200

tools.sessions.storage_type = file
tools.sessions.storage_path = var/run/splunk
tools.decode.on = True
tools.encode.on = True
tools.encode.encoding = utf-8

override_JSON_MIME_type_with_text_plain = True

job_min_polling_interval = 100
job_max_polling_interval = 1000

# Splunk Web accepts connections from any address. Since all access is meant to go through the Apache
# proxy, restricting this to the proxy and loopback addresses stops clients from bypassing the proxy
# (and its REMOTE-USER handling) by connecting to port 8000 directly.
acceptFrom = *

maxThreads = 0
maxSockets = 0

dedicatedIoThreads = 0

keepAliveIdleTimeout = 7200
busyKeepAliveIdleTimeout = 12


forceHttp10 = auto
# Controls CORS headers sent with responses.  This only takes effect when appServerPorts is set to a non-zero value.
# Empty here, so Splunk itself adds no CORS headers; the Apache "Header set" directives supply them.
crossOriginSharingPolicy =

allowSslCompression = false
# Client-initiated TLS renegotiation allowed; only matters once SSL is enabled and is usually left off.
allowSslRenegotiation = true
# HSTS header not sent; likewise only meaningful over TLS.
sendStrictTransportSecurityHeader = false

# Exposes debug endpoints in the web UI; keep enabled only while troubleshooting.
enableWebDebug = true

allowableTemplatePaths =
# Warns users before running search commands Splunk classifies as risky.
enable_risky_command_check = true

loginCustomLogo =
customFavicon =
loginBackgroundImageOption = default
loginCustomBackgroundImage =

loginFooterOption = default
loginFooterText =
loginDocumentTitleOption = default
loginDocumentTitleText =
loginPasswordHint =
appNavReportsLimit = 500

Когда я нажимаю ссылку в нашем приложении (192.1.168.210), она вызывает Splunk Java SDK и отправляет запрос (http://192.168.1.208/splunk) на (http://192.168.1.208/splunk/en-GB/account/login?return_to=%2Fsplunk%2Fen-GB%2F). Я не смог найти cookie. Мне даже не удалось включить SSO. Как такое может быть?

У меня есть страница отладки SSO, показанная ниже:

enter image description here

...