R Shiny app on Azure App Service integrated with Active Directory

Akh*_*air 10 r shiny shiny-server azure-active-directory azure-web-app-service

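I am currently deploying an R Shiny application to Azure App Service and restricting access through Active Directory integration (which appears to use the Azure EasyAuth proxy behind the scenes).

When I deploy the rocker/shiny:3.6.0 or rocker/shiny:4.0.0 container to simply view the "hello world" page, the deployment succeeds.

When I turn on Active Directory authentication, the site hangs and then returns a 500.

I have attached the error log at the bottom of this message, but I don't think it contains any useful information about things I can control.

Further investigation shows that if I deploy rocker/shiny:3.5.2 or lower, everything works as expected. If I deploy rocker/shiny:3.6.0 or higher, I get a 500 and the site hangs.

Deploying rocker/shiny:3.5.3 results in the symptoms reported in these issues:

So I am fairly sure the root cause is different.

To me, this suggests that a change in the rocker/shiny:3.6.0 image and above is preventing authentication from working, but I'm afraid that is where my debugging ability stops!

My question is: am I really just doing something wrong, is this a known issue, and how do I report it (and to whom?!).

Thanks for your help,

Akhil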

App Service error message

fail: Middleware[0]
      Unhandled exception in request pipeline: System.Net.Http.HttpRequestException: An error occurred while sending the request.
       ---> System.IO.IOException: The response ended prematurely.
         at System.Net.Http.HttpConnection.FillAsync()
         at System.Net.Http.HttpConnection.ReadNextResponseHeaderLineAsync(Boolean foldedHeadersAllowed)
         at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
         --- End of inner exception stack trace ---
         at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
         at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
         at Microsoft.Azure.AppService.MiddlewareShim.Startup.ForwardRequestAsync(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 197
         at Microsoft.Azure.AppService.MiddlewareShim.Startup.OnRequest(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 151
fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "...", Request id "...": An unhandled exception was thrown by the application.
System.Net.Http.HttpRequestException: An error occurred while sending the request.
 ---> System.IO.IOException: The response ended prematurely.
   at System.Net.Http.HttpConnection.FillAsync()
   at System.Net.Http.HttpConnection.ReadNextResponseHeaderLineAsync(Boolean foldedHeadersAllowed)
   at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.Azure.AppService.MiddlewareShim.Startup.ForwardRequestAsync(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 197
   at Microsoft.Azure.AppService.MiddlewareShim.Startup.OnRequest(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 151
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application

Sai*_*ran 4

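There is a known issue where some recent versions of Node (or some other web servers) have a maximum header size of 8KB.

When you enable EasyAuth, it adds some large headers to the request.

To work around this, you can use one of the following 2 solutions: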

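1. Use the WEBSITE_AUTH_DISABLE_IDENTITY_FLOW app setting

When this variable is set to true, it disables assigning the thread principal identity, which removes one of the largest headers added to the request, X-MS-CLIENT-PRINCIPAL, which is typically used by .NET Framework and Function apps.

However, it contains the same claims as the id_token. It is a Base64-encoded JSON object, which we can decode to get the information. If you want to access the id_token JWT directly, you can use the X-MS-TOKEN-AAD-ID-TOKEN header.

Reference: https://github.com/cgillum/easyauth/wiki/Advanced-Application-Settings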

2. Increase the header size limit

This can be done using the NODE_OPTIONS variable, as described in the following GitHub issue

Example: NODE_OPTIONS=--max-http-header-size=16384
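
The following is an added example, not part of the original answer or of any project named on this page; it is written in JavaScript because the header limit discussed is Node's. It measures a constructed EasyAuth-style header set against the 8KB limit and the 16384 value above, then reads the same claims from X-MS-CLIENT-PRINCIPAL and X-MS-TOKEN-AAD-ID-TOKEN. The header values, the 80-group user, the host name and all function names are assumptions made for illustration.

```javascript
// Added example, not from the original answer. All header values are constructed.
const LIMIT_8K = 8192;   // the 8KB header limit cited in the answer
const LIMIT_16K = 16384; // the value used in the NODE_OPTIONS example

const b64url = (s) => Buffer.from(s).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed request: a user in 80 groups, shaped like what the proxy forwards.
function sampleHeaders() {
  const groups = Array.from({ length: 80 }, (_, i) =>
    `00000000-0000-0000-0000-${String(i).padStart(12, '0')}`);
  const principal = {
    auth_typ: 'aad', name_typ: 'name', role_typ: 'roles',
    claims: [{ typ: 'name', val: 'user@example.com' },
      ...groups.map((g) => ({ typ: 'groups', val: g }))],
  };
  const payload = JSON.stringify({ name: 'user@example.com', groups });
  return {
    host: 'example.azurewebsites.net',
    'x-ms-client-principal': Buffer.from(JSON.stringify(principal)).toString('base64'),
    'x-ms-token-aad-id-token':
      `${b64url('{"alg":"RS256","typ":"JWT"}')}.${b64url(payload)}.constructed-signature`,
  };
}

// Approximate wire size of the header block ("Name: value\r\n" per header),
// naming the largest header so it is clear which one to drop.
function auditHeaders(headers, limit) {
  const sizes = Object.entries(headers)
    .map(([name, value]) => ({ name, bytes: Buffer.byteLength(`${name}: ${value}\r\n`) }))
    .sort((a, b) => b.bytes - a.bytes);
  const total = sizes.reduce((sum, h) => sum + h.bytes, 0);
  return { total, overLimit: total > limit, largest: sizes[0].name };
}

// X-MS-CLIENT-PRINCIPAL: Base64 JSON whose claims array holds {typ, val} pairs.
function decodeClientPrincipal(value) {
  const principal = JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
  const claims = {};
  for (const { typ, val } of principal.claims) (claims[typ] = claims[typ] || []).push(val);
  return claims;
}

// X-MS-TOKEN-AAD-ID-TOKEN: read the JWT payload. Decode only, no signature check;
// assumes the app is reachable only through the EasyAuth proxy, which sets this header.
function decodeIdToken(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}
```

With this constructed user, the full header set exceeds 8192 bytes but fits in 16384, and dropping X-MS-CLIENT-PRINCIPAL alone brings it back under 8192 while the group claims stay readable from the id_token.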