I am trying to divide microservices and their auth.
Demo config is looks like:
[frontends]
[frontends.frontend1]
entryPoints = ["http"]
backend = "rancher1"
passHostHeader = true
forwardAuth = "http://127.0.0.1:8090"
[frontends.frontend1.routes.test_1]
rule = "PathPrefixStrip:/order"
[frontends.rancher2]
backend = "rancher2"
passHostHeader = true
[frontends.rancher2.routes.test_1]
rule = "PathPrefixStrip:/test"
How to apply forwardAuth to frontends.frontend1
Thanks to Daniel he helped me.
So, it's really easy to do:
Check your traefik version its should be at least 1.7 (i am not sure in which version this feature was added but its working in 1.7 and 1.7.1).
Make your config like this:
[frontends.service]
backend = "service"
passHostHeader = true
[frontends.ordersWorker.auth.forward]
address = "http://127.0.0.1:8090"
Related
I set up an Elastic Cloud to offload my local elasticsearch config (as one does), but for reasons unknown to me, I can't get it to show any logs in Elastic Cloud, despite it working fine locally.
The code I got: (modified for privacy reasons)
//var uri = new Uri("http://localhost:9200"); // old one
var uri = new Uri("https://my-server.kb.eastus2.azure.elastic-cloud.com:9243");
var sinkOptions = new ElasticsearchSinkOptions(uri)
{
AutoRegisterTemplate = true,
ModifyConnectionSettings = x => x.BasicAuthentication("elastic", "the password I was given"),
IndexFormat = $"test-logs-{env.EnvironmentName?.ToLower().Replace('.', '-')}-{DateTime.Now:yyyy-MM}",
};
Log.Logger = new LoggerConfiguration()
.ReadFrom.Configuration(config)
.Enrich.FromLogContext()
.Enrich.WithMachineName()
.WriteTo.Console()
.WriteTo.Elasticsearch(sinkOptions)
.Enrich.WithProperty("Environment", env.EnvironmentName)
.CreateLogger();
There are two possible reasons I can think of that might be the cause of this not working:
The credentials are wrong
The Uri is wrong
Every solution I've been given so far has provided the data in this fashion, and nowhere does it say what the URI I'm supposed to use looks like.
I get no errors.
I get no warnings.
I get no logs.
What am I doing wrong here?
The issue was using the incorrect uri. I wrote
my-server.kb.eastus2.azure.elastic-cloud.com:9243 rather than
my-server.es.eastus2.azure.elastic-cloud.com:9243.
Note the very tiny difference that is kb vs es in the url
I am currently using selenium and crawling a website.
I have tested if I could set a proxy server on Selenium.
But now, I want to set a paid rental proxy server and I got a trial IP address whose the format looks like this IP:PORT:USER:PASS.
And I don't know how to set USER:PASS.
The provider didn't know how to set in Selenium.
So I don't know what I can do now.
With random proxy this worked fine.
proxy_host = '185.186.61.44'
proxy_port = '11334'
options = Selenium::WebDriver::Chrome::Options.new
options.add_argument('--headless')
options.add_argument('--no-sandbox')
options.add_argument("--proxy-server=http://#{proxy_host}:#{proxy_port}")
So I wanted to set something like this.
proxy_host = '185.186.61.44'
proxy_port = '12323'
proxy_user = "7a2345129"
proxy_pass = "easdga341d4"
options = Selenium::WebDriver::Chrome::Options.new
options.add_argument("--proxy-server=http://#{proxy_host}:#{proxy_port}:#{proxy_user}:#{proxy_pass}")
but I found that it was not that easy as I read some solution that uses puppeteer.
I wonder if there are any solution for my case.
If anybody has any clues I would love you to tell me.
Thank you.
Selenium 4 added support for basic auth, which at the time of writing is Chrome specific.
See here for more details.
To specify basic auth creds:
driver.devtools.new
driver.register(username: 'username', password: 'password')
Example using scraperapi.com as proxy
require 'selenium-webdriver'
proxy = Selenium::WebDriver::Proxy.new(
http: 'proxy-server.scraperapi.com:8001',
ssl: 'proxy-server.scraperapi.com:8001'
)
cap = Selenium::WebDriver::Remote::Capabilities.chrome(proxy: proxy)
options = Selenium::WebDriver::Chrome::Options.new(
args: [
'--no-sandbox',
'--headless',
'--disable-dev-shm-usage',
'--single-process',
'--ignore-certificate-errors'
]
)
driver = Selenium::WebDriver.for(:chrome, capabilities: [options,cap])
driver.devtools.new
driver.register(username: 'scraperapi', password: 'xxxx')
driver.navigate.to("http://httpbin.org/ip")
puts "content: #{driver.page_source}"
The Chrome::Options above are specific to my usecase, expect for the ignore-certificate-errors option which is needed to handle https traffic using scraperapi's proxies.
gemfile had:
gem 'selenium-devtools', '~> 0.91.0'
gem 'selenium-webdriver', '~> 4.1'
The format of an URL is most like
proto://USER:PASS#host.domain.tld:port
So your code have to look like :
proxy_host = '185.186.61.44'
proxy_port = '12323'
proxy_user = "7a2345129"
proxy_pass = "easdga341d4"
options = Selenium::WebDriver::Chrome::Options.new
options.add_argument("--proxy-server=http://{proxy_user}:#{proxy_pass}##{proxy_host}:#{proxy_port}:#")
I want to permanently redirect all requests to example.com and www.example.com to blog.example.com in a TLS environment.
My current config:
traefik.toml:
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[providers.docker]
exposedbydefault = false
watch = true
network = "web"
[providers.file]
filename = "traefik_dynamic.toml"
[certificatesResolvers.lets-encrypt.acme]
email = "mymail#example.com"
storage = "/letsencrypt/acme.json"
[certificatesResolvers.lets-encrypt.acme.dnsChallenge]
provider = "myprovider"
traefik_dynamic.toml:
[http.middlewares]
[http.middlewares.goToBlog.redirectregex]
regex = "^https://(.*)example.com/(.*)"
replacement = "https://blog.example.com/$${2}"
permanent = true
[http.routers]
[http.routers.gotoblog]
rule = "Host(`example.com`) || Host(`www.example.com`)"
entrypoints = ["websecure"]
middlewares = ["goToBlog"]
service = "noop#internal"
[http.routers.gotoblog.tls]
certResolver = "lets-encrypt"
When I try to access example.com it gives my an SSL Protocol Error. All my other endpoints including blog.example.com are working. What am I doing wrong?
Okey, obviously it had nothing to do with my redirect configuration. Seemed like a hickup in traefik / docker, similar to ACME certificates timeout with traefik. Just waited one day and everything worked as expected. Just two minor updates to correct the redirect configuration. Maybe there's a more elegant solution.
traefik_dynamic.toml:
[http.middlewares]
[http.middlewares.goToBlog.redirectregex]
regex = "^https://(.*)example.com/(.*)"
replacement = "https://blog.example.com/${2}" # no double $$
permanent = true
[http.routers]
[http.routers.gotoblog]
rule = "Host(`example.com`, `www.example.com`)" # just an array of domains is fine, too
entrypoints = ["websecure"]
middlewares = ["goToBlog"]
service = "noop#internal"
[http.routers.gotoblog.tls]
certResolver = "lets-encrypt"
I tried to set a new parse server url while inside the app, but there was no change what so ever.
Parse.server = #"https://serverNewUrl.com"; or [Parse setServer:#"https://serverNewUrl.com"];
NSLog(#"%#",Parse.server); -----> This prints the new server set
NSLog(#"%#",Parse.currentConfiguration.server); -----> This prints the old one set
How did you achieve the change ? Parse iOS SDK 1.18
Try to use the initialize function. I believe it should work even if you use it a second time to change the server URL.
let parseConfig = ParseClientConfiguration {
$0.applicationId = "parseAppId"
$0.clientKey = "parseClientKey"
$0.server = "parseServerUrlString"
}
Parse.initialize(with: parseConfig)
here is a part of my perl cgi script (which is working..):
use Net::LDAP;
use Net::LDAP::Entry;
...
$edn = "DC=xyz,DC=com";
$quser ="(&(objectClass=user)(cn=$username))";
$ad = Net::LDAP->new("ip_address...");
$ldap_msg=$ad->bind("$username\#xyz.com", password=>$password);
my $result = $ad->search( base=>$edn,
scope=>"sub",
filter=>$quser);
my $entry;
my $myname;
my $emailad;
my #entries = $result->entries;
foreach $entry (#entries) {
$myname = $entry->get_value("givenName");
$emailad = $entry->get_value("mail");
}
So basically, there is no admin/manager account for AD, users credentials are used for binding. I need to implement the same thing in grails..
+Is there a way to configure the plugin to search several ADs, I know I can add more ldap IPs in context.server but for each server I need a different search base...
++ I dont wanna use my DB, just AD. User logins through ldap > I get his email, and use the email for another ldap query but that will probably be another topic :)
Anyway the code so far is:
grails.plugin.springsecurity.ldap.context.managerDn = ''
grails.plugin.springsecurity.ldap.context.managerPassword = ''
grails.plugin.springsecurity.ldap.context.server = 'ldap://address:389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'DC=xyz,DC=com'
grails.plugin.springsecurity.ldap.authenticator.useBind=true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn =
['mail', 'givenName']
grails.plugin.springsecurity.providerNames=
['ldapAuthProvider',anonymousAuthenticationProvider']
grails.plugin.springsecurity.ldap.useRememberMe = false
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchBase ='DC=xyz,DC=com'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
And the error code is: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
And it's the same code for any user/pass I try :/
Heeeeelp! :)
The most important thing with grails and AD is to use ActiveDirectoryLdapAuthenticationProvider rather than LdapAuthenticationProvider as it will save a world of pain. To do this, just make the following changes:
In resources.groovy:
// Domain 1
ldapAuthProvider1(ActiveDirectoryLdapAuthenticationProvider,
"mydomain.com",
"ldap://mydomain.com/"
)
// Domain 2
ldapAuthProvider2(ActiveDirectoryLdapAuthenticationProvider,
"mydomain2.com",
"ldap://mydomain2.com/"
)
In Config.groovy:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider1', 'ldapAuthProvider2']
This is all the code you need. You can pretty much remove all other grails.plugin.springsecurity.ldap.* settings in Config.groovy as they don't apply to this AD setup.
Documentation:
http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ldap-active-directory