waringid opened a new issue #2164:
URL: https://github.com/apache/apisix-dashboard/issues/2164


   ### Issue description
   
   Adding a route-forwarding record in the dashboard that points to the host address returns a 403 error
   
   ### Expected behavior
   
   The dashboard cannot be accessed directly via a domain name
   
   ### How to Reproduce
   
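   apisix is configured as the Internet-facing access gateway; the requirement is to reach the dashboard by entering http://waringid.xx.me

   1. apisix is configured to listen on ports 80 and 443
   2. dashboard is configured to listen on port 8003
   3. Accessing via public-IP:8003, the page and login work normally, but there is no login record in /usr/loca/apisix/log/access.log (log type is the default)
   4. Logging in via waringid.xx.me:8003 works, but the "Raw Data Editor" feature does not display properly (it works in step 3). The dashboard's error.log shows "2021-10-11T11:26:33.121+0800   WARN    store/store.go:148      data not found by key: 376199883826135746"
   5. Logging in via waringid.xx.me shows the prompt "Request Error Code: undefined 用户得到授权,但是访问是被禁止的。" (the user is authorized, but access is forbidden). The apisix log reports 403
   6. Trying to rewrite the route's Host header to 127.0.0.1 gives a result similar to step 5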
   
   
   ### Screenshots
   
   1. Upstream server

   ```json
   {
     "nodes": [
       {
         "host": "127.0.0.1",
         "port": 8003,
         "weight": 1
       }
     ],
     "timeout": {
       "connect": 6,
       "send": 6,
       "read": 6
     },
     "type": "least_conn",
     "scheme": "http",
     "pass_host": "node",
     "name": "Upstream-dashboard",
     "keepalive_pool": {
       "idle_timeout": 60,
       "requests": 1000,
       "size": 320
     }
   }
   ```

   2. Route configuration

   ```json
   {
     "uri": "/*",
     "name": "Route-dashboard",
     "methods": [
       "GET",
       "POST",
       "PUT",
       "DELETE",
       "PATCH",
       "HEAD",
       "OPTIONS",
       "CONNECT",
       "TRACE"
     ],
     "host": "dashboard.xx.me",
     "plugins": {
       "proxy-rewrite": {
         "host": "127.0.0.1"
       }
     },
     "upstream_id": "376075005185753794",
     "status": 1
   }
   ```

   3. apisix access.log output

   ```
   103.149.162.121 - - [11/Oct/2021:11:27:46 +0800] dashboard.xx.me "POST /apisix/admin/user/login HTTP/1.1" 403 552 0.000 "http://dashboard.xxx.me/user/login?redirect=/"; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" - - - "http://dashboard.xx.me"
   ```

   4. apisix error.log output

   ```
   2021/10/11 11:27:46 [error] 19914#19914: *230392 access forbidden by rule, client: 103.149.162.121, server: _, request: "POST /apisix/admin/user/login HTTP/1.1", host: "dashboard.xx.me", referrer: "http://dashboard.xx.me/user/login?redirect=/"
   ```

   5. dashboard access.log output

   None

   6. dashboard error.log output

   None

   7. Access via 127.0.0.1:8003 works normally

   ```
   curl -I http://127.0.0.1:8003
   HTTP/1.1 200 OK
   Accept-Ranges: bytes
   Access-Control-Allow-Credentials: true
   Access-Control-Allow-Headers: Authorization
   Access-Control-Allow-Methods: *
   Access-Control-Allow-Origin: *
   Content-Length: 6712
   Content-Type: text/html; charset=utf-8
   Last-Modified: Tue, 07 Sep 2021 10:52:07 GMT
   X-Request-Id: 415c60ca-3776-4945-9de8-874e1c50560b
   Date: Mon, 11 Oct 2021 03:34:07 GMT
   ```

   8. etcd access works normally

   ```
   etcdctl --endpoints=127.0.0.1:2379 get / --prefix --keys-only
   /apisix/consumers/

   /apisix/data_plane/server_info/8c464942-cdc1-4b52-a339-d8020f98ebce

   /apisix/global_rules/

   /apisix/plugin_configs/

   /apisix/plugin_metadata/

   /apisix/plugins/
   ```
   
   ### Environment
   
   - apisix version (cmd: `apisix version`): 2.10
   - OS (cmd: `uname -a`): Centos7 3.10.0-1160.2.2.el7.x86_64
   - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): nginx version: openresty/1.19.9.1
   - etcd version, if have (cmd: run `etcd --version`): etcd Version: 3.4.17
   - apisix-dashboard version, if have: 2.8
   - Browser version, if have: chrome-93.0.4577.82-x64
   
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
