4.2 反向代理授权

功能开发中。

你可以使用HTTP反向代理服务器进行授权。启用该功能,我们可以对JUNO配置如下。

  1. [auth.proxy]
  2. # Defaults to false, but set to true to enable this feature
  3. enabled = true
  4. # HTTP Header name that will contain the username or email
  5. header_name = "X-WEBAUTH-USER"
  6. # HTTP Header property, defaults to `username` but can also be `email`
  7. header_property = "username"
  8. # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`.
  9. auto_sign_up = true
  10. # Define cache time to live in minutes
  11. # If combined with Grafana LDAP integration it is also the sync interval
  12. sync_ttl = 60
  13. # Limit where auth proxy requests come from by configuring a list of IP addresses.
  14. # This can be used to prevent users spoofing the X-WEBAUTH-USER header.
  15. # Example `whitelist = 192.168.1.1, 192.168.1.0/24, 2001::23, 2001::0/120`
  16. whitelist = ""
  17. # Optionally define more headers to sync other user attributes
  18. # Example `headers = Name:X-WEBAUTH-NAME Email:X-WEBAUTH-EMAIL Groups:X-WEBAUTH-GROUPS`
  19. headers = ""
  20. # Check out docs on this for more details on the below setting
  21. enable_login_token = false

4.2.1 与 Juno 的交互

  1. curl -H "X-WEBAUTH-USER: admin"  http://localhost:50000/api/users
  2. [
  3.     {
  4.         "id":1,
  5.         "name":"",
  6.         "login":"admin",
  7.         "email":"admin@localhost",
  8.         "isAdmin":true
  9.     }
  10. ]