
CN117319480A - Method for integrating Web system based on reverse proxy - Google Patents


Info

Publication number
CN117319480A
Authority
CN
China
Prior art keywords
reverse proxy
user
request
proxy server
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311349914.4A
Other languages
Chinese (zh)
Inventor
欧阳宏
曹维祥
张志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Meihe Yisi Digital Technology Co ltd
Luan Vocational and Technical College
Original Assignee
Wuhan Meihe Yisi Digital Technology Co ltd
Luan Vocational and Technical College
Application filed by Wuhan Meihe Yisi Digital Technology Co ltd, Luan Vocational and Technical College

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/2895 Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method for integrating a Web system based on a reverse proxy, relating to the technical field of reverse proxies and comprising the following steps: configuring a reverse proxy server as a middle layer that receives user requests and proxies them to a main system; configuring reverse proxy rules on the reverse proxy server to proxy requests of the main system to a third-party system; performing user identity authentication on the reverse proxy server; and, after the user identity authentication succeeds, having the reverse proxy server pass the user authentication information to the back-end Web server. The method integrates multiple service subsystems, including both self-developed systems and directly purchased third-party subsystems, and concentrates the identity authentication of every subsystem at a single entry point without exposing the real access address of any subsystem. This improves the security of the system, and the control is implemented once and applies to every subsystem.

Description

Method for integrating Web system based on reverse proxy
Technical Field
The invention relates to the technical field of reverse proxy, in particular to a method for integrating a Web system based on a reverse proxy.
Background
A software system may be assembled from multiple independent systems. Some of these may be third-party systems that have already been delivered and were not custom developed, and that must then be integrated.
Chinese invention patent application No. 202011312503.4 discloses a method for automating DevOps based on a reverse proxy service. It intercepts the URLs of requests made while interacting with the Git repository in the DevOps continuous integration flow, performs cooperative processing service operations for the intercepted URLs, configures the Jenkins service for DevOps continuous integration, and provides a tool set for quickly building a DevOps continuous integration build environment for fast subsequent installation. Automation is achieved non-invasively, without touching source code, by intercepting the cooperative operations of specific service applications using reverse proxy technology. However, this technology leaves room for improvement in personalized user services and system security.
Disclosure of Invention
In view of this, the present invention provides a method for integrating Web systems based on a reverse proxy. It integrates multiple service subsystems, including both self-developed systems and directly purchased third-party subsystems, and concentrates the identity authentication of every subsystem at a single entry point without exposing the real access address of any subsystem. This improves the security of the system, and the control is implemented once and applies to every subsystem.
The technical solution of the invention is realized as follows: the invention provides a method for integrating a Web system based on a reverse proxy, comprising the following steps:
S1, configuring a reverse proxy server as a middle layer that receives user requests and proxies them to a main system;
S2, configuring reverse proxy rules on the reverse proxy server to proxy requests of the main system to a third-party system;
S3, performing user identity authentication on the reverse proxy server;
S4, after the user identity authentication succeeds, the reverse proxy server passes the user authentication information to the back-end Web server.
Based on the above technical solution, preferably, step S1 includes:
selecting Nginx as the reverse proxy server, and installing and configuring Nginx;
finding the configuration items related to the reverse proxy in the Nginx configuration file, and specifying the addresses and ports of the main system and the third-party system in those configuration items;
the address and port of the main system are those through which users are allowed to access the main system, and the address and port of the third-party system are those of the third-party system targeted for integration.
Based on the above technical solution, preferably, in step S2, the reverse proxy rule is a URL mapping rule or a redirection rule;
wherein:
the URL mapping rule is added to the configuration file of the reverse proxy server and maps a URL of the main system to a URL of the third-party system;
the redirection rule is added to the configuration file of the reverse proxy server and redirects a request of the main system to a specific page of the third-party system.
On the basis of the above technical solution, preferably, two location blocks are defined in the Nginx configuration file to handle the front-end page and the back-end interface address of the main system respectively, where:
front-end page: the root path / is configured in one location block, mapping the requested root path to the index.html file under the /var/local/prod/h5 directory;
back-end interface address: paths beginning with /web/ are configured in another location block, and requests for those paths are proxied to the system's address http://localhost:8880/; response headers are added in this location block to configure cross-origin requests, allowing cross-origin requests to access the interface.
Based on the above technical solution, preferably, in step S3, user identity authentication on the reverse proxy server is either basic identity authentication or token identity authentication, where:
basic identity authentication: the user supplies a user name and password with every request, and the reverse proxy server matches them against pre-configured user information; if they match, the request is allowed through, otherwise a 401 Unauthorized response is returned;
token identity authentication: after the user has been authenticated, the reverse proxy server issues a token to the user; the user sends the token to the reverse proxy server as an identity credential with every request, and the reverse proxy server verifies the validity of the token; if the token is valid, verification passes, otherwise a 401 Unauthorized response is returned.
Based on the above technical solution, preferably, the reverse proxy rule is a URL mapping rule, and configuring user identity authentication on the reverse proxy server in the Nginx configuration file includes:
configuring listening port 9999 and mapping requests to the main system;
defining an internal interface /auth that handles user identity authentication requests, the internal interface using Nginx's internal directive;
configuring an error handling page that returns a 401 Unauthorized response when user identity authentication fails;
forwarding the request to the main system's custom logic processing interface /web/open/getvmUrl by setting a variable $auth_request_uri, and passing the request parameters $args to that interface, so as to handle all requests beginning with /;
using the auth_request /auth directive to send the request to the internal interface /auth for user identity authentication;
using the auth_request_set directive to store the permission check code returned by the internal interface and the real URL of the third-party system in the variable $new_url;
configuring an error page that returns a 401 Unauthorized response when user identity authentication fails;
using the proxy_pass directive to forward the request to the real URL of the third-party system.
Based on the above technical solution, preferably, step S4 includes:
the reverse proxy server passes the user identity authentication information to the back-end Web server as part of the request headers;
the back-end Web server obtains the user identity authentication information from the request headers and processes it accordingly.
Based on the above technical solution, preferably, step S4 further includes:
according to the user identity authentication information, the back-end Web server receives the HTTP request for the /open/getVmUrl path, with the parameters HttpServletRequest request and HttpServletResponse response representing the received HTTP request and the HTTP response to be sent, respectively;
custom verification logic checks whether the user is authorized for access; if the user is not authorized, a 401 Unauthorized response is returned, and if the user is authorized, custom retrieval logic is executed to obtain the real URL of the third-party system;
the obtained real URL of the third-party system is set in a response header through the response.setHeader method, and the HTTP response is sent.
On the basis of the above technical solution, preferably, the method further includes: using the reverse proxy server to manage user sessions, ensuring that session consistency is maintained in communication between the user and the back-end Web server.
Based on the above technical solution, preferably, the reverse proxy server manages user sessions as follows:
when the user authenticates or establishes a session with the application, the reverse proxy server generates a unique session identifier;
with each user request, the reverse proxy server passes the session identifier to the back-end Web server as a parameter, a request header or a Cookie;
after receiving the session identifier, the back-end Web server associates it with the user's session state;
the reverse proxy server maintains the consistency of the session between the user and the back-end Web server;
the reverse proxy server handles and destroys expired sessions.
Compared with the prior art, the method has the following beneficial effects:
(1) The invention integrates multiple service subsystems, including both self-developed systems and directly purchased third-party subsystems, without exposing the real access address of any subsystem, thereby simplifying the system architecture, reducing complexity and providing better performance and security;
(2) The invention can directly proxy the request of the user from the front end to the main system by configuring the reverse proxy server as the middle layer, thereby realizing the forwarding and routing of the request. Therefore, the main system can be isolated from users, and the expandability and the safety of the system are improved;
(3) The invention can proxy the request of the main system to the third party system by configuring the reverse proxy rule on the reverse proxy server. Thus, integration and data sharing among the systems can be realized, and richer functions and services are provided for users;
(4) The invention can ensure that only authenticated users can access the main system and the third party system by carrying out user identity authentication on the reverse proxy server. This may provide protection for system resources and prevent unauthorized access and abuse;
(5) The invention can transmit the authentication information of the user to the back-end Web server through the reverse proxy server. The back-end server can provide personalized services according to the identity of the user and keep the state and data of the user in the session;
(6) The invention can provide durability, consistency and security for the management of the user session by the reverse proxy server, ensure that the user can obtain personalized service, and protect system resources from unauthorized access and abuse.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method according to an embodiment of the present invention;
FIG. 2 is a flowchart of an implementation of an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will clearly and fully describe the technical aspects of the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, are intended to fall within the scope of the present invention.
As shown in fig. 1, the present invention provides a method for integrating a Web system based on a reverse proxy, comprising:
S1, configuring a reverse proxy server as a middle layer that receives user requests and proxies them to a main system;
S2, configuring reverse proxy rules on the reverse proxy server to proxy requests of the main system to a third-party system;
S3, performing user identity authentication on the reverse proxy server;
S4, after the user identity authentication succeeds, the reverse proxy server passes the user authentication information to the back-end Web server.
As shown in FIG. 2, the flow of one embodiment of the present invention is: 1) Nginx is used as the reverse proxy server; it sits in front of the Web system, receives requests from users and forwards them to the back-end Web server. The access URL of the main system is configured in Nginx, so that both the front-end pages and the back-end interface address of the main system are forwarded uniformly by the Nginx proxy; 2) the front-end pages are served under / on listening port 80, the back-end interface under /web on listening port 80, and requests for the real URL of the third-party system use listening port 9999, the third-party system request port.
With the Nginx reverse proxy server configured as above, the identity of the user is authenticated after a user request is received. Various authentication mechanisms can be used, such as user name and password, token, or single sign-on (SSO). Based on the authentication result, the reverse proxy server decides whether to continue forwarding the request to the back-end Web server. The configuration of each third-party system to be integrated is added to the Nginx configuration file, together with a check interface. When the proxy address of the main system is accessed, the request is forwarded to the third-party system, so the third-party system's data is accessed on the back end, the front-end client is unaware of it, and the access address of the third-party system is hidden. Once user identity authentication succeeds, the reverse proxy server passes the authentication information to the back-end Web server. This may be done via HTTP headers or by other means, so that the back-end server can use the authentication information to verify the user's identity and provide the corresponding services. The reverse proxy server may also manage user sessions to ensure that session consistency is maintained in communication between the user and the back-end server: it may generate a session identifier and pass it to the back-end server with each user request, and the back-end server may track the user's session state based on the session identifier and provide personalized services.
Specifically, in one embodiment of the present invention, step S1 includes:
selecting Nginx as the reverse proxy server, and installing and configuring Nginx;
finding the configuration items related to the reverse proxy in the Nginx configuration file, and specifying the addresses and ports of the main system and the third-party system in those configuration items;
the address and port of the main system are those through which users are allowed to access the main system, and the address and port of the third-party system are those of the third-party system targeted for integration.
The following description is given by way of a specific example:
1. Install Nginx: depending on the operating system, an appropriate package manager (e.g., apt, yum, or brew) may be used to install Nginx. For example, the following commands may be run on Ubuntu:
sudo apt update
sudo apt install nginx
2. Configure Nginx: the main configuration file of Nginx is nginx.conf, in which the reverse proxy configuration can be made. The file may be opened for editing with a text editor (e.g., vi or nano):
sudo nano /etc/nginx/nginx.conf
3. Find the configuration items related to the reverse proxy: in the nginx.conf file, search for the following keyword to find the reverse proxy configuration items:
proxy_pass
This configuration item specifies the target address of the reverse proxy. Typically, the addresses and ports of the main system and the third-party system are specified after it.
4. Configure the addresses and ports of the main system and the third-party system: according to the actual situation, specify the addresses and ports of the main system and the third-party system after the proxy_pass configuration item that was found. For example:
With this configuration, when a user requests the /main-system path, Nginx proxies the request to the specified main system address and port; when a user requests the /third-party-system path, Nginx proxies the request to the specified third-party system address and port.
5. Save and exit the configuration file: after the configuration is complete, save the nginx.conf file and exit.
6. Reload the Nginx configuration: for the configuration to take effect, Nginx must be reloaded. Run the following command:
sudo systemctl reload nginx
After the above steps are completed, Nginx proxies user requests to the main system and the third-party system according to the configuration. When a user accesses the /main-system path, the request is proxied to the address and port of the main system; when a user accesses the /third-party-system path, the request is proxied to the address and port of the third-party system.
Acting as a reverse proxy server, Nginx proxies each request to a different system based on the path the user requested. This realizes integration and data sharing between systems and provides a unified access entry. Users reach the main system and the third-party system through the Nginx server, without the addresses and ports of those systems being exposed directly. Nginx can also provide functions such as load balancing, buffering and security, improving the performance and security of the system.
In step S2, the reverse proxy rule is a URL mapping rule or a redirection rule;
wherein:
the URL mapping rule is added to the configuration file of the reverse proxy server and maps a URL of the main system to a URL of the third-party system;
the redirection rule is added to the configuration file of the reverse proxy server and redirects a request of the main system to a specific page of the third-party system.
The following description is given by way of a specific example:
1. Open the Nginx configuration file: open the Nginx configuration file with a text editor, for example:
sudo nano /etc/nginx/nginx.conf
2. Add the reverse proxy rules to the configuration file: find the server block in the configuration file and add the following configuration to it:
In the above configuration, two location blocks are defined to handle the front-end page and the back-end interface address of the main system respectively, where:
front-end page: the root path / is configured in one location block, mapping the requested root path to the index.html file under the /var/local/prod/h5 directory;
back-end interface address: paths beginning with /web/ are configured in another location block, and requests for those paths are proxied to the system's address http://localhost:8880/; response headers are added in this location block to configure cross-origin requests, allowing cross-origin requests to access the interface.
3. Save and exit the configuration file.
4. Reload the Nginx configuration: run the following command to reload the Nginx configuration:
sudo systemctl reload nginx
After the above steps are completed, Nginx proxies user requests to the main system and proxies requests of the main system to the third-party system.
When a user accesses the root URL of the reverse proxy (e.g., http://localhost/), Nginx returns the system's front-end page. When a user accesses the /web/ path of the reverse proxy server, Nginx proxies the request to the main system's address http://localhost:8880/ and proxies the main system's request to the third-party system.
With this configuration, the reverse proxy server acts as a middle layer, receiving user requests and proxying them to the main system. Reverse proxy rules are also configured so that requests of the main system are proxied to the third-party system, realizing integration and data sharing between the systems.
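A configuration matching the two location blocks described above, as an added example that is not the patent's own configuration. The paths, port 80 and the http://localhost:8880/ target are the ones the text names; the origin allow-list (https://portal.example.com), the allowed methods and headers, the forwarded client-address headers and the try_files fallback are assumptions.

```nginx
# Added example; place inside the http { } block of nginx.conf.

# Assumed allow-list: the Origin is echoed back only for a known front end,
# instead of answering every origin with "*". An empty value makes nginx
# omit the header altogether.
map $http_origin $cors_origin {
    default                       "";
    "https://portal.example.com"  $http_origin;   # constructed sample origin
}

server {
    listen 80;

    # Front-end page: the root path is served from the h5 directory.
    location / {
        root      /var/local/prod/h5;
        index     index.html;
        try_files $uri $uri/ /index.html;   # assumed single-page-app fallback
    }

    # Back-end interface: everything under /web/ goes to the main system.
    # The trailing slash on proxy_pass replaces the matched /web/ prefix,
    # so /web/open/getVmUrl reaches the back end as /open/getVmUrl.
    location /web/ {
        # Answer the CORS preflight at the proxy. add_header directives are
        # not inherited into this block, so they are repeated here.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin  $cors_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
            add_header Vary Origin always;
            return 204;
        }

        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;

        proxy_pass       http://localhost:8880/;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```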
Specifically, in step S3, user identity authentication on the reverse proxy server is either basic identity authentication or token identity authentication, where:
basic identity authentication: the user supplies a user name and password with every request, and the reverse proxy server matches them against pre-configured user information; if they match, the request is allowed through, otherwise a 401 Unauthorized response is returned;
token identity authentication: after the user has been authenticated, the reverse proxy server issues a token to the user; the user sends the token to the reverse proxy server as an identity credential with every request, and the reverse proxy server verifies the validity of the token; if the token is valid, verification passes, otherwise a 401 Unauthorized response is returned.
The following description is given by way of a specific example:
1. Open the Nginx configuration file: open the Nginx configuration file with a text editor, for example:
sudo nano /etc/nginx/nginx.conf
2. Add the reverse proxy rules and the user identity authentication configuration to the configuration file: find the server block in the configuration file and add the following configuration to it:
In the above configuration, listen 9999 means that Nginx listens on port 9999. location /auth defines the internal interface that handles user identity authentication requests, and uses Nginx's internal directive. location @error401 defines an error handling page that returns a 401 Unauthorized response when user authentication fails. location / intercepts all requests for third-party system URLs and performs user identity authentication and proxy forwarding.
3. Save and exit the configuration file.
4. Reload the Nginx configuration: run the following command to reload the Nginx configuration:
sudo systemctl reload nginx
After the above steps are completed, Nginx listens for requests on port 9999 and performs user identity authentication and proxy forwarding according to the configuration.
When a user accesses the root URL of the reverse proxy (e.g., http://localhost:9999/), Nginx forwards the request to the main system and performs user authentication before forwarding. The user authentication request is proxied to the internal interface /auth for processing. If the user authentication fails, Nginx returns a 401 Unauthorized response. If the user authentication succeeds, Nginx forwards the request to the real URL of the third-party system.
With this configuration, Nginx, acting as a reverse proxy server, serves as the middle layer that receives user requests and performs user authentication.
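The server block that the description above walks through, reconstructed as an added example (not the patent's own configuration). Port 9999, the locations, the variables $auth_request_uri and $new_url and the /web/open/getVmUrl path come from the text; the response header name X-Target-Url, the upstream name main_system with its address, the resolver address and the X-Original-URI header are assumptions.

```nginx
# Added example; place inside the http { } block of nginx.conf.

# Assumed: the main system's entry point (port 80 in the embodiment), which
# serves /web/open/getVmUrl. Declaring it as an upstream lets the variable
# proxy_pass in /auth find it without a run-time DNS lookup.
upstream main_system {
    server 127.0.0.1:80;
}

server {
    listen 9999;

    # proxy_pass $new_url takes its target from a variable. If that URL holds
    # a host name rather than an IP address, nginx resolves it per request and
    # needs a resolver. The address below is an assumption.
    resolver 127.0.0.53 valid=30s;

    # Internal interface: reachable only through auth_request subrequests,
    # never directly from a client.
    location = /auth {
        internal;
        proxy_pass              $auth_request_uri;
        proxy_pass_request_body off;                  # the check needs headers only
        proxy_set_header        Content-Length "";
        proxy_set_header        Authorization  $http_authorization;
        proxy_set_header        X-Original-URI $request_uri;
    }

    # Error handling page for failed authentication.
    location @error401 {
        return 401;
    }

    # Every request beginning with / is checked, then forwarded.
    location / {
        # set runs in the rewrite phase of the main request, so $args is the
        # client's query string; the /auth subrequest shares the variable.
        set $auth_request_uri "http://main_system/web/open/getVmUrl$is_args$args";

        # 2xx from /auth allows the request; 401 or 403 denies it.
        auth_request     /auth;

        # The check interface returns the third-party system's real URL in a
        # response header (name assumed). It should choose that URL from its
        # own configuration, not from anything the client supplied.
        auth_request_set $new_url $upstream_http_x_target_url;

        error_page 401 = @error401;

        # If $new_url carries a path, that path replaces the client's request
        # URI. A 2xx answer without the header leaves $new_url empty and the
        # request ends in a 500 instead of being forwarded.
        proxy_pass $new_url;
    }
}
```

The client only ever sees port 9999: the subrequest response, including the header carrying the real URL, is consumed by Nginx and never sent back.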
Specifically, in an embodiment of the present invention, step S4 includes:
the reverse proxy server passes the user identity authentication information to the back-end Web server as part of the request headers;
the back-end Web server obtains the user identity authentication information from the request headers and processes it accordingly.
Step S4 further includes:
according to the user identity authentication information, the back-end Web server receives the HTTP request for the /open/getVmUrl path, with the parameters HttpServletRequest request and HttpServletResponse response representing the received HTTP request and the HTTP response to be sent, respectively;
custom verification logic checks whether the user is authorized for access; if the user is not authorized, a 401 Unauthorized response is returned, and if the user is authorized, custom retrieval logic is executed to obtain the real URL of the third-party system;
the obtained real URL of the third-party system is set in a response header through the response.setHeader method, and the HTTP response is sent.
The following description is given by way of a specific example:
1. Add the request header forwarding configuration to the Nginx configuration file: in the Nginx configuration file, find the configuration block of the reverse proxy server (i.e., the configuration example provided above). In the location / section of that configuration block, add the following configuration:
proxy_set_header Authorization $http_authorization;
The above configuration passes the user identity authentication request header Authorization to the back-end Web server.
2. Modify the implementation of the getVmUrl method in the back-end Web server to obtain the user identity authentication information from the request header. In the logic that verifies user permissions and obtains the third-party system URL, add the following configuration:
The above configuration obtains the user authentication information in the request header from the request. If user permission verification fails, the response status code is set to 401. If verification succeeds, other response headers may be set or other logic performed as needed.
3. Save and reload the Nginx configuration: save the Nginx configuration file and reload the configuration by running the following command:
sudo systemctl reload nginx
After these steps are completed, Nginx passes the user identity authentication request header Authorization to the back-end Web server. The back-end Web server can obtain this information through request.getHeader("Authorization") and perform user identity authentication and processing as needed.
When a user request is forwarded to the back-end Web server through the Nginx reverse proxy server, Nginx passes the user identity authentication request header Authorization to the back-end Web server. The back-end Web server can obtain this information through request.getHeader("Authorization") and perform user identity authentication and processing according to custom logic. Based on the result, the back-end Web server can set appropriate response status codes and response headers, and execute other business logic.
Specifically, in an embodiment of the present invention, the method further includes:
the reverse proxy server is utilized to manage the user session, ensuring that session consistency is maintained in the communication between the user and the back-end Web server.
The process of the reverse proxy server for managing the user session is as follows:
when a user performs authentication or establishes a session with an application, the reverse proxy server generates a unique session identifier.
In particular, the session identifier may be a random string or other unique identifier.
In each request of the user, the reverse proxy server transmits the session identifier as a parameter, a request header or a Cookie to the back-end Web server.
The specific manner of delivery depends on the configuration of the application and reverse proxy server.
As parameter transfer: the session identifier may be passed to the back-end Web server as part of the URL or in the form of a query parameter. For example, http://band-server.com/session_id=abcd1234.
As request header delivery: the session identifier may be passed to the back-end Web server as part of the request header. For example, Authorization: Bearer abcd1234.
As Cookie transfer: the session identifier may be set as the Cookie value and sent with each request to the back-end Web server. For example, Set-Cookie: session_id=abcd1234.
The backend Web server, upon receiving the session identifier, associates it with the user's session state.
In particular, session storage mechanisms (such as memory, databases, or caches) may be used at the server side to store and manage session states. Through the session identifier, the backend Web server can identify the user and maintain its session state.
The reverse proxy server maintains consistency of sessions between the user and the back-end Web server.
Specifically, the reverse proxy server passes the session identifier to the back-end Web server with each request, ensuring that the back-end server can correctly identify and process the user's session. In this way, the session state is kept consistent regardless of which back-end server handles the user's request.
The reverse proxy server processes and destroys expired sessions.
In particular, whether a session has expired may be determined based on an expiration time of the session or other conditions. Once the session expires, the reverse proxy server may clear the session identifier and no longer pass the session identifier in subsequent requests. The backend Web server may also process the expired session state accordingly.
Through the above process, the reverse proxy server can manage the user session, and ensure that session consistency is maintained in the communication between the user and the back-end Web server. In this way, the application can be extended across multiple back-end servers, and the user's session state can be shared and kept consistent among the different servers.
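The session handling described above, as an added Python example that is not part of the patent text. The header name X-Session-Id, the 60-second lifetime and the user name are assumptions made for the illustration.

```python
import secrets
import time

SESSION_HEADER = "X-Session-Id"  # assumed header name, not taken from the patent


class ProxySessionTable:
    """Session bookkeeping a reverse proxy keeps in front of several back ends."""

    def __init__(self, ttl, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # session id -> (user, expiry time)

    def create(self, user):
        # Unique identifier drawn from the OS CSPRNG so it cannot be guessed.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._clock() + self._ttl)
        return sid

    def lookup(self, sid):
        # Return the user of a live session; destroy the entry once expired.
        user, expires = self._sessions.get(sid, (None, 0.0))
        if user is not None and self._clock() >= expires:
            del self._sessions[sid]
            return None
        return user

    def upstream_headers(self, client_headers, sid):
        # Drop any copy of the header supplied by the client, then attach the
        # identifier only while the session is still valid.
        headers = {k: v for k, v in client_headers.items()
                   if k.lower() != SESSION_HEADER.lower()}
        if self.lookup(sid) is not None:
            headers[SESSION_HEADER] = sid
        return headers


def demo():
    now = [0.0]  # constructed clock so expiry can be shown without waiting
    table = ProxySessionTable(ttl=60, clock=lambda: now[0])
    sid = table.create("alice")  # constructed user name
    fresh = table.upstream_headers({"Accept": "*/*", "x-session-id": "forged"}, sid)
    now[0] = 61.0  # the assumed 60-second lifetime has passed
    stale = table.upstream_headers({"Accept": "*/*"}, sid)
    return sid, fresh, stale, table.lookup(sid)
```

Header or Cookie delivery keeps the identifier out of URLs, which are routinely written to access logs and Referer headers.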
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (10)

1. A method for integrating a Web system based on a reverse proxy, comprising:
S1, configuring a reverse proxy server and using it as an intermediate layer that receives user requests and proxies them to a main system;
S2, configuring reverse proxy rules on the reverse proxy server to proxy requests of the main system to a third-party system;
S3, performing user identity authentication on the reverse proxy server;
and S4, after the user identity authentication is successful, the reverse proxy server transmits the user authentication information to the back-end Web server.
2. The method for integrating a Web system based on a reverse proxy of claim 1, wherein step S1 comprises:
selecting Nginx as the reverse proxy server, and installing and configuring Nginx;
locating the configuration items related to the reverse proxy in the Nginx configuration file, and specifying the addresses and ports of the main system and the third-party system in those configuration items;
the address and port of the main system are the address and port at which users are allowed to access the main system, and the address and port of the third-party system are the address and port of the third-party system targeted for integration.
3. The method for integrating Web systems based on reverse proxy as claimed in claim 2, wherein in step S2, the reverse proxy rule is a URL mapping rule or a redirection rule;
wherein:
the URL mapping rule is to add the URL mapping rule in the configuration file of the reverse proxy server, and map the URL of the main system to the URL of the third party system;
the redirection rule is to add a redirection agent rule in the configuration file of the reverse proxy server, and redirect the request of the main system to a specific page of the third party system.
4. A method for integrating Web systems based on reverse proxy as claimed in claim 3, wherein two location blocks are defined in the configuration file of Nginx, respectively processing the front-end page and the back-end interface address of the host system, wherein:
front-end page: configuring the root path / in one location block, and mapping requests for the root path to the index.html file under the /var/local/prod/h5 directory;
back-end interface address: configuring paths beginning with /web/ in another location block, proxying requests for those paths to the system's address http://localhost:8880/, and adding response headers in the location block that configure cross-domain requests and allow them to access the interface.
5. A method for integrating Web systems based on reverse proxy as claimed in claim 3, wherein in step S3, the manner of user authentication at the reverse proxy server is basic authentication or token authentication, wherein:
the basic identity authentication is as follows: the user provides a user name and a password with each request, the reverse proxy server matches the user name and the password against the pre-configured user information, if the match succeeds the request is allowed to pass, and if it fails a 401 Unauthorized response is returned;
the token identity authentication is as follows: after the user performs identity verification, the reverse proxy server sends a token to the user, the user sends the token to the reverse proxy server as an identity credential with each request, the reverse proxy server verifies the validity of the token, and if the token is valid the verification passes, otherwise a 401 Unauthorized response is returned.
6. The method for integrating Web systems based on reverse proxy as claimed in claim 5, wherein the reverse proxy rule is a URL mapping rule, and configuring the reverse proxy server in the configuration file of Nginx to perform user identity authentication comprises:
configuring listening port 9999 and mapping the request to the host system;
defining an internal interface /auth and using it to process user identity authentication requests, wherein the internal interface uses the internal directive of Nginx;
configuring an error page so that a 401 Unauthorized response is returned when the user identity authentication fails;
forwarding the request to the custom logic processing interface /web/open/getVmUrl of the host system by setting the variable $auth_request_uri, and passing the request parameters $args to the custom logic processing interface, so as to process all requests beginning with /;
using the auth_request /auth directive to send the request to the internal interface /auth for user identity authentication;
using the auth_request_set directive to store the authority check code returned by the internal interface and the real URL of the third-party system into the variable $new_url;
configuring an error page so that a 401 Unauthorized response is returned when the user identity authentication fails;
using the proxy_pass directive to forward the request to the real URL of the third-party system.
7. The method for integrating a Web system based on a reverse proxy of claim 5 wherein step S4 comprises:
the reverse proxy server transmits the user identity authentication information to a back-end Web server as a part of a request head;
and the back-end Web server acquires the user identity authentication information from the request header and carries out corresponding processing.
8. The method for reverse-proxy-based integration of a Web system of claim 7, wherein step S4 further comprises:
according to the user identity authentication information, the back-end Web server receives the HTTP request on the /open/getVmUrl path, with the parameters HttpServletRequest request and HttpServletResponse response representing the received HTTP request and the HTTP response to be sent, respectively;
verifying with the customized verification logic whether the user has access rights, returning a 401 Unauthorized response if the user has no rights, and, if the user has rights, executing the customized acquisition logic to obtain the real URL of the third-party system;
and setting the obtained real URL of the third-party system in a response header through the response.setHeader method to produce the HTTP response.
9. A method for integrating a Web system based on a reverse proxy as recited in claim 1, wherein the method further comprises: the reverse proxy server is utilized to manage the user session, ensuring that session consistency is maintained in the communication between the user and the back-end Web server.
10. The method for integrating Web systems based on reverse proxy of claim 9 wherein the process of managing user sessions by the reverse proxy server is:
when the user performs identity authentication or establishes a session with the application, the reverse proxy server generates a unique session identifier;
in each request of the user, the reverse proxy server transmits the session identifier to the back-end Web server in the form of parameters, request header or Cookie;
after receiving the session identifier, the back-end Web server associates the session identifier with the session state of the user;
the reverse proxy server maintains the consistency of the session between the user and the back-end Web server;
the reverse proxy server processes and destroys expired sessions.
CN202311349914.4A 2023-10-18 2023-10-18 Method for integrating Web system based on reverse proxy Pending CN117319480A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311349914.4A CN117319480A (en) 2023-10-18 2023-10-18 Method for integrating Web system based on reverse proxy

Publications (1)

Publication Number Publication Date
CN117319480A true CN117319480A (en) 2023-12-29

Family

ID=89260114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311349914.4A Pending CN117319480A (en) 2023-10-18 2023-10-18 Method for integrating Web system based on reverse proxy

Country Status (1)

Country Link
CN (1) CN117319480A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119676298A (en) * 2025-02-19 2025-03-21 宝德计算机系统股份有限公司 Automatic reverse proxy method and system for intranet server to access external network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination