id · May 31, 2024 16:22
diff --git a/cluster.hocon b/cluster.hocon
 authorization {
  deny_action = ignore
  no_match = deny
  sources = [
    {
      body {
        username = "${username}"
      }
      enable = true
      headers {
        accept = "application/json"
        content-type = "application/x-www-form-urlencoded"
      }
      method = post
      type = http
      url = "http://nginx/authz"
    }
  ]
 }
diff --git a/docker-compose.yaml b/docker-compose.yaml
 services:
  nginx:
    image: nginx:latest
    networks:
      - emqx
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "8080:80"
  emqx:
    image: emqx/emqx-enterprise:5.7.0
    environment:
      EMQX_DASHBOARD__DEFAULT_PASSWORD: admin
      EMQX_LOG__CONSOLE__LEVEL: debug
    networks:
      - emqx
    volumes:
      - ./cluster.hocon:/opt/emqx/data/configs/cluster.hocon
    ports:
      - "1883:1883"
      - "8083:8083"
      - "8883:8883"
      - "8084:8084"
      - "18083:18083"

 networks:
  emqx:
diff --git a/nginx.conf b/nginx.conf
 log_format postdata escape=json '$remote_addr - $remote_user [$time_local] "$request" '
                                '$status $body_bytes_sent "$http_referer" '
                                '"$http_user_agent" "$http_x_forwarded_for" $request_body';
 server {
    listen 80;
    server_name _;
    default_type application/json;

    location /authz {
      if ($request_method != POST) {
        return 405;
      }
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_redirect off;
      proxy_pass $scheme://127.0.0.1:$server_port/success;
      access_log /var/log/nginx/access.log postdata;
    }
    location /success {
      return 200 '{"result": "allow"}';
    }
 }
	authorization {
	deny_action = ignore
	no_match = deny
	sources = [
	{
	body {
	username = "${username}"
	}
	enable = true
	headers {
	accept = "application/json"
	content-type = "application/x-www-form-urlencoded"
	}
	method = post
	type = http
	url = "http://nginx/authz"
	}
	]
	}
	services:
	nginx:
	image: nginx:latest
	networks:
	- emqx
	volumes:
	- ./nginx.conf:/etc/nginx/conf.d/default.conf
	ports:
	- "8080:80"
	emqx:
	image: emqx/emqx-enterprise:5.7.0
	environment:
	EMQX_DASHBOARD__DEFAULT_PASSWORD: admin
	EMQX_LOG__CONSOLE__LEVEL: debug
	networks:
	- emqx
	volumes:
	- ./cluster.hocon:/opt/emqx/data/configs/cluster.hocon
	ports:
	- "1883:1883"
	- "8083:8083"
	- "8883:8883"
	- "8084:8084"
	- "18083:18083"

	networks:
	emqx:
	log_format postdata escape=json '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" $request_body';
	server {
	listen 80;
	server_name _;
	default_type application/json;

	location /authz {
	if ($request_method != POST) {
	return 405;
	}
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_redirect off;
	proxy_pass $scheme://127.0.0.1:$server_port/success;
	access_log /var/log/nginx/access.log postdata;
	}
	location /success {
	return 200 '{"result": "allow"}';
	}
	}