问题
When run moqui on 8080 port, and access it directly by api
curl -X GET -H "api_key: {apiKey}" http://localhost:8080/rest/s1/example/examples/TEST2
it returns json result of example TEST2.
But when nginx is put in front of mqoui application. proxy to http://localhost:8080, then the api access fails with 403
{
"errorCode": 403,
"errors": "User null is not authorized for View on REST Path /example/examples/{exampleId}\nCurrent artifact info: [name:'/example/examples/{exampleId}', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\nCurrent artifact stack:\n[name:'/example/examples', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'/example', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml/s1', type:'AT_XML_SCREEN_TRANS', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]"
}
It appears webFacade does not initialize userFacade by api_key successfully, since in errors user is null.
回答1:
Nginx disallows underscore _ in the header name by default. Moqui api use api_key or login_key that contains underscore, so the api_key or login_key header is not passed to backend moqui application.
Enable underscore in header name in nginx is simple, add
underscores_in_headers on;
in http or server directive in nginx configuration.
来源:https://stackoverflow.com/questions/37938957/rest-api-call-with-api-key-in-header-fails-if-nginx-is-proxying-moqui-applicatio