Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/10/11 03:36:52 UTC

[GitHub] [apisix-dashboard] waringid opened a new issue #2164: dashboard route forwarding returns 403

waringid opened a new issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164


   ### Issue description
   
   Adding a route in the dashboard that forwards to the host address returns a 403 error.
   
   ### Expected behavior
   
   The dashboard cannot be accessed directly via the domain name.
   
   ### How to Reproduce
   
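   apisix is configured as the Internet-facing gateway; the requirement is to reach the dashboard by entering http://waringid.xx.me
   1. apisix is configured to listen on ports 80 and 443
   2. dashboard is configured to listen on port 8003
   3. Via public-IP:8003 the page and login work normally, but /usr/loca/apisix/log/access.log contains no login log entries (default log type)
   4. Via waringid.xx.me:8003 login works normally, but the "Raw Data Editor" function does not display properly (it works in step 3). The dashboard's error.log shows "2021-10-11T11:26:33.121+0800	WARN	store/store.go:148	data not found by key: 376199883826135746"
   5. Logging in via waringid.xx.me shows "Request Error Code: undefined 用户得到授权,但是访问是被禁止的。". The apisix log reports 403
   6. Tried rewriting the route's Host header to 127.0.0.1; the result is similar to step 5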
   
   
   ### Screenshots
   
   1. Upstream server
   ```json
   {
     "nodes": [
       {
         "host": "127.0.0.1",
         "port": 8003,
         "weight": 1
       }
     ],
     "timeout": {
       "connect": 6,
       "send": 6,
       "read": 6
     },
     "type": "least_conn",
     "scheme": "http",
     "pass_host": "node",
     "name": "Upstream-dashboard",
     "keepalive_pool": {
       "idle_timeout": 60,
       "requests": 1000,
       "size": 320
     }
   }
   ```
   2. Route configuration
   ```json
   {
     "uri": "/*",
     "name": "Route-dashboard",
     "methods": [
       "GET",
       "POST",
       "PUT",
       "DELETE",
       "PATCH",
       "HEAD",
       "OPTIONS",
       "CONNECT",
       "TRACE"
     ],
     "host": "dashboard.xx.me",
     "plugins": {
       "proxy-rewrite": {
         "host": "127.0.0.1"
       }
     },
     "upstream_id": "376075005185753794",
     "status": 1
   }
   ```
   3. apisix access.log output
   `103.149.162.121 - - [11/Oct/2021:11:27:46 +0800] dashboard.xx.me "POST /apisix/admin/user/login HTTP/1.1" 403 552 0.000 "http://dashboard.xxx.me/user/login?redirect=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" - - - "http://dashboard.xx.me"`
   4. apisix error.log output
   `2021/10/11 11:27:46 [error] 19914#19914: *230392 access forbidden by rule, client: 103.149.162.121, server: _, request: "POST /apisix/admin/user/login HTTP/1.1", host: "dashboard.xx.me", referrer: "http://dashboard.xx.me/user/login?redirect=/"`
   5. dashboard access.log output
   None
   6. dashboard error.log output
   None
   7. Access via 127.0.0.1:8003 works normally
   ```
   curl -I http://127.0.0.1:8003
   HTTP/1.1 200 OK
   Accept-Ranges: bytes
   Access-Control-Allow-Credentials: true
   Access-Control-Allow-Headers: Authorization
   Access-Control-Allow-Methods: *
   Access-Control-Allow-Origin: *
   Content-Length: 6712
   Content-Type: text/html; charset=utf-8
   Last-Modified: Tue, 07 Sep 2021 10:52:07 GMT
   X-Request-Id: 415c60ca-3776-4945-9de8-874e1c50560b
   Date: Mon, 11 Oct 2021 03:34:07 GMT
   ```
   8. etcd access works normally
   ```
   etcdctl --endpoints=127.0.0.1:2379 get / --prefix --keys-only
   /apisix/consumers/

   /apisix/data_plane/server_info/8c464942-cdc1-4b52-a339-d8020f98ebce

   /apisix/global_rules/

   /apisix/plugin_configs/

   /apisix/plugin_metadata/

   /apisix/plugins/
   ```
   
   ### Environment
   
   - apisix version (cmd: `apisix version`): 2.10
   - OS (cmd: `uname -a`): Centos7 3.10.0-1160.2.2.el7.x86_64
   - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):nginx version: openresty/1.19.9.1
   - etcd version, if have (cmd: run `etcd --version`):etcd Version: 3.4.17
   - apisix-dashboard version, if have:2.8
   - Browser version, if have:chrome-93.0.4577.82-x64
   
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix-dashboard] waringid commented on issue #2164: dashboard route forwarding returns 403

Posted by GitBox <gi...@apache.org>.
waringid commented on issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164#issuecomment-939886670


   Updated the dashboard to version 2.9; the problem is the same.





[GitHub] [apisix-dashboard] waringid edited a comment on issue #2164: dashboard route forwarding returns 403

Posted by GitBox <gi...@apache.org>.
waringid edited a comment on issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164#issuecomment-940547796


   > Hi, @waringid. **Please refer to the first step here to set another port for the Admin API.** [**documents**](https://apisix.apache.org/docs/apisix/FAQ/#how-to-access-apache-apisix-dashboard-through-apache-apisix-proxy)
   > 
   > Since the Manager API in the dashboard shares the same URL path with the Admin API, you actually call APISIX when accessing the dashboard page. The Admin API is controlled by the configuration file's `allow_admin` property, so you received the 403 error returned by APISIX. (your actual request did not reach the dashboard Manager API)
   
   Following the instructions, I added this to the apisix configuration file:
   ```yaml
   apisix:
     port_admin: 9180
   ```
   With this configured, the problem is resolved.





[GitHub] [apisix-dashboard] waringid closed issue #2164: dashboard route forwarding returns 403

Posted by GitBox <gi...@apache.org>.
waringid closed issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164


   





[GitHub] [apisix-dashboard] waringid commented on issue #2164: dashboard route forwarding returns 403

Posted by GitBox <gi...@apache.org>.
waringid commented on issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164#issuecomment-940547796


   > Hi, @waringid. **Please refer to the first step here to set another port for the Admin API.** [**documents**](https://apisix.apache.org/docs/apisix/FAQ/#how-to-access-apache-apisix-dashboard-through-apache-apisix-proxy)
   > 
   > Since the Manager API in the dashboard shares the same URL path with the Admin API, you actually call APISIX when accessing the dashboard page. The Admin API is controlled by the configuration file's `allow_admin` property, so you received the 403 error returned by APISIX. (your actual request did not reach the dashboard Manager API)
   
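   Following the instructions, I added this to the apisix configuration file:
   ```yaml
   apisix:
     port_admin: 9180
   ```
   With this configured, the problem is resolved.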





[GitHub] [apisix-dashboard] bzp2010 commented on issue #2164: dashboard route forwarding returns 403

Posted by GitBox <gi...@apache.org>.
bzp2010 commented on issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164#issuecomment-940034514


   Hi, @waringid.
   **Please refer to the first step here to set another port for the Admin API.**
   [**documents**](https://apisix.apache.org/docs/apisix/FAQ/#how-to-access-apache-apisix-dashboard-through-apache-apisix-proxy)
   
   -----
   
   Since the Manager API in the dashboard shares the same URL path with the Admin API, you actually call APISIX when accessing the dashboard page.
   The Admin API is controlled by the configuration file's `allow_admin` property, so you received the 403 error returned by APISIX. (your actual request did not reach the dashboard Manager API)


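
A triage sketch for the situation explained in the reply above, added here as an example and not taken from the thread or from APISIX: it tells a 403 produced by the gateway's own Admin API access rule apart from a 403 returned by the proxied upstream. It assumes APISIX's default access-log layout; the function names, host names and sample log lines are constructed for illustration.

```python
import re

# Assumed log layout: APISIX's default access_log_format, whose last four fields are
# $upstream_addr $upstream_status $upstream_response_time "<upstream URL>".
ACCESS_RE = re.compile(
    r'^\S+ - \S+ \[[^\]]+\] (?P<host>\S+) "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ \S+ "[^"]*" "[^"]*" '
    r'(?P<upstream_addr>\S+) \S+ \S+ "[^"]*"$'
)
# nginx's access module writes this to error.log when an allow/deny rule rejects a client.
DENY_RE = re.compile(
    r'access forbidden by rule, client: (?P<client>[^,]+), server: [^,]*, '
    r'request: "(?P<method>\S+) (?P<uri>\S+) [^"]*"'
)
ADMIN_PREFIX = "/apisix/admin"  # path shared by the Admin API and the dashboard's Manager API

def classify(access_line):
    """Say which component produced a 403 recorded in the gateway's access.log."""
    m = ACCESS_RE.match(access_line.strip())
    if m is None:
        return "unparsed"
    if m["status"] != "403":
        return "not-403"
    if m["upstream_addr"] != "-":
        return "upstream-403"          # request was proxied; the upstream refused it
    if m["uri"].startswith(ADMIN_PREFIX):
        return "gateway-admin-acl"     # answered by APISIX's own Admin API, never proxied
    return "gateway-403"               # rejected at the gateway for another reason

def acl_denied_requests(error_lines):
    """Return (client, method, uri) for each 'access forbidden by rule' entry."""
    hits = (DENY_RE.search(line) for line in error_lines)
    return [(h["client"], h["method"], h["uri"]) for h in hits if h]

# Constructed sample lines, modelled on the log excerpts in the issue.
SAMPLE_ACCESS = [
    '203.0.113.10 - - [11/Oct/2021:11:27:46 +0800] dashboard.example.test '
    '"POST /apisix/admin/user/login HTTP/1.1" 403 552 0.000 '
    '"http://dashboard.example.test/user/login" "Mozilla/5.0" - - - "http://dashboard.example.test"',
    '203.0.113.10 - - [11/Oct/2021:11:30:02 +0800] dashboard.example.test '
    '"GET /reports HTTP/1.1" 403 120 0.012 "-" "curl/7.79.1" '
    '127.0.0.1:8003 403 0.011 "http://127.0.0.1/reports"',
]
SAMPLE_ERROR = [
    '2021/10/11 11:27:46 [error] 19914#19914: *230392 access forbidden by rule, client: 203.0.113.10, '
    'server: _, request: "POST /apisix/admin/user/login HTTP/1.1", host: "dashboard.example.test"',
]
if __name__ == "__main__":
    print([classify(line) for line in SAMPLE_ACCESS], acl_denied_requests(SAMPLE_ERROR))
```

A `gateway-admin-acl` verdict paired with a matching `access forbidden by rule` entry means the login request never left the gateway, which is why the dashboard's own logs stay empty.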