Multi-layer Nginx reports CSRF Failed: CSRF token missing.

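JumpServer version: 3.10.10
Deployment: a front-end Nginx used as the reverse proxy; back end is a 2-node JumpServer web cluster + Redis + DB
Browsers: Chrome, Opera
After logging in from the browser through the front-end Nginx, modifying, adding or deleting anything on the page fails with CSRF Failed: CSRF token missing. The front end has a certificate and URL enabled.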

Front-end log: *275 client canceled stream 25 while sending request to upstream, client: 192.168.0.1, server: testing.abc.com, request: "DELETE /api/v1/authentication/user-session/ HTTP/2.0", upstream: "http://192.168.2.1:80/api/v1/authentication/user-session/", host: "testing.abc.com", referrer: "https://testing.abc.com/ui/

The back-end Nginx log contains nothing useful.

How can this be resolved? Thanks.

Try clearing your browser cache.

I am accessing it in Chrome incognito mode, and it has never worked :joy:

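Asking the experts here for help. The exact error shown in developer tools is:

{"detail":"CSRF Failed: CSRF token missing.","code":"permission_denied"}

The back-end Nginx is configured according to the official recommendation: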

    server {
        listen 80;
        server_name demo.jumpserver.org;  # change this to your own domain
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl http2;
        server_name demo.jumpserver.org;  # change this to your own domain
        ssl_certificate sslkey/1_jumpserver.org_bundle.crt;      # set your own certificate
        ssl_certificate_key sslkey/2_jumpserver.org_bundle.key;  # set your own certificate
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
        ssl_protocols TLSv1.1 TLSv1.2;  # note: TLSv1.1 is deprecated (RFC 8996)
        add_header Strict-Transport-Security "max-age=63072000" always;

        client_max_body_size 4096m;  # size limit for session recordings and file uploads
        location / {
            # the IP here is the address of the back-end JumpServer nginx
            proxy_pass http://192.168.244.144;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

If it is a cross-origin issue, add the CORS headers and restart JumpServer:

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' '*';
    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-CSRFToken';
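
Added example (not part of any post in this thread, and not JumpServer code): a small Python check that parses nginx `add_header` lines and flags credentialed-CORS combinations that browsers refuse under the Fetch standard, plus CORS headers lacking `always`, which nginx omits from 4xx/5xx responses. The sample input is constructed from the four header lines quoted above; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the four add_header lines quoted in the reply above.
SAMPLE_CONF = """
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' '*';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-CSRFToken';
"""

# add_header <name> <value> [always];  name and value may be quoted or bare.
ADD_HEADER = re.compile(
    r"""^\s*add_header\s+(['"]?)([\w-]+)\1\s+(?:'([^']*)'|"([^"]*)"|(\S+?))(\s+always)?\s*;""",
    re.MULTILINE,
)


def parse_add_headers(conf):
    """Return {lower-case header name: (value, has_always_flag)}."""
    headers = {}
    for m in ADD_HEADER.finditer(conf):
        value = next(v for v in m.group(3, 4, 5) if v is not None)
        headers[m.group(2).lower()] = (value.strip(), m.group(6) is not None)
    return headers


def lint_cors(conf):
    """Return findings for credentialed-CORS mistakes in add_header lines."""
    h = parse_add_headers(conf)
    findings = []
    creds = h.get("access-control-allow-credentials", ("", False))[0].lower() == "true"
    # With credentials, "*" is not a wildcard: the browser fails the CORS check
    # for Allow-Origin and treats "*" as a literal name for methods and headers.
    for name in ("origin", "methods", "headers"):
        value = h.get("access-control-allow-" + name, ("", False))[0]
        if creds and value == "*":
            findings.append(f"wildcard-{name}-with-credentials")
    # Without "always", nginx adds the header only to 2xx/3xx responses,
    # so an error response never carries it.
    if any(k.startswith("access-control-") and not always for k, (_, always) in h.items()):
        findings.append("missing-always")
    return findings


if __name__ == "__main__":
    for finding in lint_cors(SAMPLE_CONF):
        print(finding)
```
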

I added the CORS headers to the back-end Nginx configuration, and after restarting it still does not work :joy:

Try a different browser.

None of them work.

I give up. There are pitfalls and no technical documentation to back it up, heh.

Which version?