d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
8b67fcbda1f1ae7940bd8863772be93bc4b3ab45
proxmox/scripts/configure-nginx-jwt-auth-FINAL-STATUS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

2.2 KiB
Raw Blame History

Nginx JWT Auth Configuration - Final Status

Configuration Complete

The nginx JWT authentication has been successfully configured using the Python-based approach.

Issues Fixed

  1. Lua Module: nginx-extras doesn't include Lua in Ubuntu 22.04 - switched to Python-based validation
  2. Package Installation: Fixed locale warnings and package installation errors
  3. Port Conflict: Removed incorrect listen 127.0.0.1:8888 from nginx config (port 8888 is for Python service only)
  4. Service Startup: nginx now starts successfully

Configuration Details

  • VMID: 2501
  • Hostname: besu-rpc-2
  • IP: 192.168.11.251
  • HTTP Domain: rpc-http-prv.d-bis.org
  • WS Domain: rpc-ws-prv.d-bis.org
  • JWT Secret: /etc/nginx/jwt_secret
  • Python Validator: /usr/local/bin/jwt-validate.py (running on port 8888)
  • Nginx Config: /etc/nginx/sites-available/rpc-perm

Service Status

nginx: Running and configured Python JWT Validator: Running on port 8888 Health Check: /health endpoint working JWT Authentication: Configured via auth_request module

How It Works

  1. Client makes request to nginx with Authorization: Bearer <token> header
  2. nginx uses auth_request to proxy to Python validator on port 8888
  3. Python validator checks JWT token validity
  4. If valid, request proceeds to backend (port 8545)
  5. If invalid, returns 401 Unauthorized

Testing

# Health check (no auth required)
curl -k https://rpc-http-prv.d-bis.org/health

# RPC call without token (should fail)
curl -k -X POST https://rpc-http-prv.d-bis.org/ \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

# RPC call with valid JWT token (should succeed)
curl -k -X POST https://rpc-http-prv.d-bis.org/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-jwt-token>" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

Scripts Used

  • Primary: configure-nginx-jwt-auth-simple.sh (Python-based, recommended)
  • Alternative: configure-nginx-jwt-auth.sh (Lua-based, not available on Ubuntu 22.04)

Completion Time

December 26, 2025 - Configuration completed and verified

Reference in New Issue View Git Blame Copy Permalink