<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi Francis,</div><div> Thanks very much for your point!</div><div> I have read some info from internet based on your suggestion,for my understanding:</div><div> when I login to one of the server <span style="font-family: arial; white-space: pre-wrap;">datanode02.bddev.test.net,set cookie like this:</span></div> server {<div> listen 80;</div><div> server_name <span style="font-family: arial; white-space: pre-wrap;">datanode02.bddev.test.net</span>;</div><div> error_log /var/log/nginx/error_for_bigdata.log info;</div><div> access_log /var/log/nginx/http_access_for_bigdata.log main;</div><div> auth_ldap "Restricted Space";</div><div> auth_ldap_servers bigdataldap;</div><div><br></div><div> location / {</div><div> proxy_pass http://<span style="font-family: arial; white-space: pre-wrap;">datanode02</span>:16010/;</div><div> more_clear_headers "X-Frame-options";</div><div><span style="color: rgb(255, 0, 0);"><span style="font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 13px; white-space: pre; background-color: rgb(245, 245, 245);"> add_header Set-Cookie "myauth=true;Domain=</span><span style="font-family: arial; white-space: pre-wrap;">.bddev.test.net</span><span style="background-color: rgb(245, 245, 245); font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 13px; white-space: pre;">;Path=/;Max-Age=31536000";</span></span></div><div> sub_filter_types *;</div><div> sub_filter_once off;</div><div> }</div><div>}</div><div><br></div><div>then in <span style="font-family: arial; white-space: pre-wrap;">datanode03.bddev.test.net configuration:</span></div><div> server {<div> listen 80;</div><div> server_name <span style="font-family: arial; white-space: pre-wrap;">datanode03.bddev.test.net</span>;</div><div> error_log /var/log/nginx/error_for_bigdata.log info;</div><div> access_log /var/log/nginx/http_access_for_bigdata.log main;</div><div><span style="color: rgb(255, 0, 0);">#this will skip the ldap auth</span></div><div><span style="color: rgb(255, 0, 0);">if ( $http_cookie ~* "myauth=true" ) {</span></div><div><span style="color: rgb(255, 0, 0);"> auth_ldap "Restricted Space";</span></div><div><span style="color: rgb(255, 0, 0);"> auth_ldap_servers bigdataldap;</span></div><div><span style="color: rgb(255, 0, 0);">}</span></div><div> location / {</div><div> proxy_pass http://<span style="font-family: arial; white-space: pre-wrap;">datanode03</span>:16010/;</div><div> more_clear_headers "X-Frame-options";</div><div><span style="color: rgb(255, 0, 0);"><span style="font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 13px; white-space: pre; background-color: rgb(245, 245, 245);"> add_header Set-Cookie "myauth=true;Domain=</span><span style="font-family: arial; white-space: pre-wrap;">.bddev.test.net</span><span style="background-color: rgb(245, 245, 245); font-family: Consolas, "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; font-size: 13px; white-space: pre;">;Path=/;Max-Age=31536000";</span></span></div><div> sub_filter_types *;</div><div> sub_filter_once off;</div><div> }</div><div>}</div></div>am I correct?<br><br><br><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div><br><pre><br>At 2019-01-11 07:01:31, "Francis Daly" <francis@daoine.org> wrote:
>On Thu, Jan 10, 2019 at 05:14:17PM +0800, David Ni wrote:
>
>Hi there,
>
>> I have one requirement right now,we are using nginx with ldap auth
>...
>> my requirement is that whether datanode02.bddev.test.net datanode03.bddev.test.net
>can share cookies between each other,
>
>Read about http cookies, and the "domain" attribute/directive of them.
>
>If you decide that the benefits to you are worth more than the costs to
>you, then find whatever part of your system sets the cookies (creates
>the Set-Cookie: header), and change that to add a suitable "Domain=" string.
>
>That part of your system is probably not nginx-provided C-code.
>
>Good luck with it,
>
> f
>--
>Francis Daly francis@daoine.org
>_______________________________________________
>nginx mailing list
>nginx@nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
</pre></div><br><br><span title="neteasefooter"><p> </p></span>