Created
May 31, 2024 16:22
-
-
Save id/b1315201213612b8d54c599173072eb9 to your computer and use it in GitHub Desktop.
Test emqx authz webhook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
authorization { | |
deny_action = ignore | |
no_match = deny | |
sources = [ | |
{ | |
body { | |
username = "${username}" | |
} | |
enable = true | |
headers { | |
accept = "application/json" | |
content-type = "application/x-www-form-urlencoded" | |
} | |
method = post | |
type = http | |
url = "http://nginx/authz" | |
} | |
] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
services: | |
nginx: | |
image: nginx:latest | |
networks: | |
- emqx | |
volumes: | |
- ./nginx.conf:/etc/nginx/conf.d/default.conf | |
ports: | |
- "8080:80" | |
emqx: | |
image: emqx/emqx-enterprise:5.7.0 | |
environment: | |
EMQX_DASHBOARD__DEFAULT_PASSWORD: admin | |
EMQX_LOG__CONSOLE__LEVEL: debug | |
networks: | |
- emqx | |
volumes: | |
- ./cluster.hocon:/opt/emqx/data/configs/cluster.hocon | |
ports: | |
- "1883:1883" | |
- "8083:8083" | |
- "8883:8883" | |
- "8084:8084" | |
- "18083:18083" | |
networks: | |
emqx: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
log_format postdata escape=json '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for" $request_body'; | |
server { | |
listen 80; | |
server_name _; | |
default_type application/json; | |
location /authz { | |
if ($request_method != POST) { | |
return 405; | |
} | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_redirect off; | |
proxy_pass $scheme://127.0.0.1:$server_port/success; | |
access_log /var/log/nginx/access.log postdata; | |
} | |
location /success { | |
return 200 '{"result": "allow"}'; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment