Python tornado user authentication and then reverse proxy through apache

Question

Python tornado user authentication and then reverse proxy through apache

I implement two-way SSL authentication and then additional authentication through Kerberos , after which I redirect the user to the internal server through a reverse proxy.

i.e:

SSL auth <--> Apache Server + kerberos auth using login/password <--reverse proxy-->> internal server

Currently this setting works:

Now my idea is to use this configuration as I can control user behavior through Tornado

 SSL auth <--> Apache server <---> Tornado webserver for kerberos auth <---> reverse proxy <---> internal server

And I have SSL authentication and Kerberos authentication .

However, how can I tell Tornado about changing proxy(apache) to an internal server?

+6

python linux tornado apache kerberos

krisdigitx Mar 31 '15 at 16:23

source share

1 answer

Ben darnell · Answer 1 · 2015-04-01T23:14:46+0000

Tornado does not have built-in reverse proxy functions, but in the simplest case, the reverse proxy is just a RequestHandler that passes through the HTTP client:

 class ReverseProxyHandler(RequestHandler): @gen.coroutine def get(self): resp = AsyncHTTPClient().fetch(self.convert_url(self.request), headers=self.request.headers) self.set_status(resp.code) for k,v in resp.headers.get_all(): self.add_header(k, v) self.write(resp.body)

This can be a lot more complicated than depending on your requirements. This is just a simple thing to build if you can be sure that your internal server is not doing anything complicated.

Python tornado user authentication and then reverse proxy through apache

More articles: