Fixing the 403 on login after putting Archery behind an nginx reverse proxy

After putting Archery behind an nginx reverse proxy, logging in fails with a 403 Forbidden. Opening the browser's developer tools shows that the cause is a failed CSRF check. Looking at the source on the Archery GitHub, settings.py contains the CSRF-related configuration:

# https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS")

# CSRF_TRUSTED_ORIGINS=subdomain.example.com,subdomain.example2.com subdomain.example.com
CSRF_TRUSTED_ORIGINS=(list, [])

So it looks like all that is needed is to add the domain to the trusted list through the environment variable. My Archery is deployed with docker-compose, so let's look at the docker-compose.yml file:

archery:
    image: hhyo/archery:v1.9.1
    container_name: archery
    restart: always
    ports:
      - "9123:9123"
    volumes:
      - "./archery/settings.py:/opt/archery/local_settings.py"
      - "./archery/soar.yaml:/etc/soar.yaml"
      - "./archery/docs.md:/opt/archery/docs/docs.md"
      - "./archery/downloads:/opt/archery/downloads"
      - "./archery/sql/migrations:/opt/archery/sql/migrations"
      - "./archery/logs:/opt/archery/logs"
      - "./archery/keys:/opt/archery/keys"
    entrypoint: "dockerize -wait tcp://192.168.50.80:3306 -wait tcp://192.168.50.80:6379 -timeout 60s /opt/archery/src/docker/startup.sh"
    env_file:
      - .env

The environment variables live in the .env file in the same directory. Edit .env, find the CSRF_TRUSTED_ORIGINS entry and append the domain. Remember to include the protocol: my first attempt failed because I left out the http://.

CSRF_TRUSTED_ORIGINS=http://127.0.0.1:9123,http://archery.starcloud.cc,https://archery.starcloud.cc

After the change, run

docker-compose -f docker-compose.yml up -d

Once the container is up, log in again and the problem is solved.
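To catch the missing-scheme mistake before restarting the container, here is an added Python check (not Archery's or Django's own code) that validates a CSRF_TRUSTED_ORIGINS value the way Django 4.x interprets it, including the "https://*.example.com" wildcard form, and tests a browser Origin header against it; the hostnames are the ones from the .env line above.

```python
"""Validate a CSRF_TRUSTED_ORIGINS value before deploying Archery.

Added example, not Archery's or Django's own code. Django builds the origin it
expects from the Host header and from whether it believes the request is HTTPS;
behind a reverse proxy that differs from the browser's Origin, so the value
must list the public origin with its scheme. An entry without "http://" or
"https://" never matches, so it is rejected here instead of silently ignored.
"""
from urllib.parse import urlsplit


def parse_trusted_origins(value: str) -> list[str]:
    """Split the comma-separated env value and reject entries without a scheme."""
    origins = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        parts = urlsplit(entry)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(
                f"{entry!r} has no scheme; Django 4.x needs e.g. http://{entry}"
            )
        origins.append(f"{parts.scheme}://{parts.netloc.lower()}")
    return origins


def origin_is_trusted(origin: str, trusted: list[str]) -> bool:
    """Emulate Django's comparison of the request Origin header with the list.

    Exact entries must match scheme, host and port. A "scheme://*.host" entry
    matches any subdomain of host, and host itself, on that scheme only
    (this mirrors django.utils.http.is_same_domain).
    """
    req = urlsplit(origin)
    req_host = req.netloc.lower()
    for entry in trusted:
        if origin.lower() == entry:
            return True
        pat = urlsplit(entry)
        if pat.scheme == req.scheme and pat.netloc.startswith("*."):
            suffix = pat.netloc[1:]  # "*.starcloud.cc" -> ".starcloud.cc"
            if req_host.endswith(suffix) or req_host == suffix[1:]:
                return True
    return False


if __name__ == "__main__":
    # Constructed sample: the value from the .env line in the post.
    env_value = "http://127.0.0.1:9123,http://archery.starcloud.cc,https://archery.starcloud.cc"
    allowed = parse_trusted_origins(env_value)
    print(origin_is_trusted("https://archery.starcloud.cc", allowed))  # True
```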