We are using nginx server for reverse proxying few micro-services. Every request has Authorization header containing JWT token. Now, what we need to do is extract user details from JWT token and log it on nginx server. Is there anyway to decode and log JWT? I looked into few lua scripts for authenticating request using JWT but that is not what we need. Also, we are trying to avoid using installing Lua on nginx server.
Any help would be greatly appreciated.
EDIT: We are fine with Lua based solution as well.
Relating to your problem and following the comments you could use the official Nginx Plus module to approach in the best way the task:
Authenticating API Clients with JWT and NGINX Plus
But this obviously cost money and in case you want something open-source you should check this project:
TeslaGov /ngx-http-auth-jwt-module
The above module, is working now a days, it's not easy as use the Nginx plus module but it's opensource.
To finish, relating to your Edition, here is a Lua solution.
ubergarm / openresty-nginx-jwt
I am not very into Lua and the project seems to be outdated due it doesn't receive an update since 2018, I share you the link in case you can found something useful from it.
I hope this helps to solve your problem, regards.
Related
I'm using com.microsoft.azure.kusto connect to kusto database for my project. However, my cluster is not in the format of <profile-name.region>. It's a proxy url (https://kusto.microsoft.com/). It doesn't seem to work and returns nothing. Just wondering does the library support connect to the proxy url?
Thank you.
Does the library support connecting to proxy url?
Please take a look at the comment by #Anera above.
Regardless, you can provide the authentication token to the client from the outside, using either AccessTokenTokenProvider or CallbackTokenProvider class. The audience to issue the token for should be "https://kusto.kusto.windows.net"
I'm using DocuSign's eSignature API. Rails app, server is nginx. I'm trying to get Mutual TLS working, with no luck so far. I used the instructions here.
I'm currently in DocuSign's sandbox - is there any reason Mutual TLS wouldn't work in the sandbox? I'm not seeing $ssl_client_fingerprint or $ssl_client_s_dn in my access_log.
Edit: I'm not getting any errors from nginx. Webhooks are working, I just don't see the client fingerprint, or $ssl_client_s_dn in my nginx logs. My lone question is: does mutual TLS with nginx work when webhook POSTs come from DocuSign's sandbox?
Edit 2: I figured out my issue. The nginx configuration was fine. I didn't have verify_ssl_host set to true when creating the DocuSign API client.
configuration = DocuSign_eSign::Configuration.new
configuration.host = base_path
configuration.verify_ssl_host = true # I was missing this
api_client = DocuSign_eSign::ApiClient.new(configuration)
Mutual TLS can work in the Developer Environment (also known as "Sandbox" or demo).
https://www.docusign.com/blog/dsdev-mutual-tls-stuff-know has more information about it.
If you need help with that - please provide more information about your issue.
I want to verify my pact against an API that has an https endpoint.
My request is timing out when I run the pact.
Does Pact.Net supports https verification or am I missing something?
Yes, it should be able to do this.
I'm going to guess that the https target is using a self-signed certificate. To work around that you can specify the following env vars to fix this:
To connect to a Pact Broker that uses custom SSL cerificates, set the environment variable $SSL_CERT_FILE or $SSL_CERT_DIR to a path that contains the appropriate certificate.
(see also https://github.com/pact-foundation/pact-ruby-standalone/releases)
You could enable debug logging to see what the process is doing, consult the docs on how to do that.
I am working on a project which uses nginx as web server, nginx by default logs request body. I need to log response body data in json format (response is itself in json format) but I cannot use any supporting tool like Lua etc. My client is not permitting it.
I did it using openresty but that is not approved.
Is it possible to achieve in simple nginx installation?
If yes, then please help me.
I have just started to learn OSGi. Recenly got stuck with an issue. How can I post data
to a HTTP server from an OSGi bundle without using external bundles/framework?
I will like to see code sample of a simple OSGI bundle which acts as a HTTP
client and can send a string to a HTTP server (tornado, in my case).
I have searched around a lot. But I got no direct solutions. There are restlets, Felix and all type of solutions. The only thing I want is to send data from an OSGi bundle to a HTTP server without using any external frameworks. Is it possible?
Please help me out.
Thanks in advance.
Posting data to an HTTP server has nothing to do with OSGi at all, plain Java is all you need.
If you want to go really barebones, you can use an HttpURLConnection to post your data. You can also choose a little more comfort, and use the Apache HttpComponents Client.