A question about mongrel, apache and authentication.
I've got a Rails site with I think a very typical setup: a mongrel
cluster behind an Apache proxy. So Apache's handling the static stuff
and it hands off dynamic content to mongrel. I want to put the site
temporarily behind Apache's basic authentication. What I get when I
do this is a password prompt which prevents all of the images,
stylesheets and other static files from being loaded unless
authentication passes, but anything mongrel handles is not.
Specifically, a user can just keep hitting "Cancel" at the
browser-generated password prompt and he/she will see that rails
generated content without ever entering any credentials. No styling
and no images, but they do see content. How can I fix it? Mongrel
does not seem to be honoring the authentication (and frankly, I don't
know if it can). Here's my apache config:
<VirtualHost *:80>
  ServerAdmin me@mysite.com
  DocumentRoot /www/mysite/current/public
  ServerName www.mysite.com
  ErrorLog /www/mysite/logs/mysite.error.log
  CustomLog /www/mysite/logs/mysite.access.log combined
  <Directory "/www/mysite/current/public">
    Options FollowSymLinks
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider file
    AuthUserFile /www/mysite/users/userdb
    Require valid-user
  </Directory>
  RewriteEngine On
  # Check for maintenance file and redirect all requests
  # ( this is for use with Capistrano's disable_web task )
  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
  RewriteRule ^.*$ /system/maintenance.html [L]
  # Rewrite index to check for static
  RewriteRule ^/$ /index.html [QSA]
  # Rewrite to check for Rails cached page
  RewriteRule ^([^.]+)$ $1.html [QSA]
  # Redirect all non-static requests to cluster
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L]
  # Deflate
  AddOutputFilterByType DEFLATE text/html text/plain text/css
  # ... text/xml application/xml application/xhtml+xml text/javascript
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  <Proxy balancer://mongrel_cluster>
    BalancerMember http://127.0.0.1:8000
    BalancerMember http://127.0.0.1:8001
    BalancerMember http://127.0.0.1:8002
  </Proxy>
</VirtualHost>
on 2008-01-23 16:12
on 2008-01-23 16:24
You need to put the password directives in the proxy balancer:
<Proxy balancer://mongrel_cluster>
  BalancerMember http://127.0.0.1:8000
  BalancerMember http://127.0.0.1:8001
  BalancerMember http://127.0.0.1:8002
  AuthType Basic
  AuthName "Restricted"
  AuthBasicProvider file
  AuthUserFile /www/mysite/users/userdb
  Require valid-user
</Proxy>
Regards
Sean Brown wrote:
on 2008-08-29 11:07
Hello Sean,
Did this solution in the proxy balancer posted by rafael work for you? Because it seems that applying that, I have no authentication anymore....
Did you find any solution for this problem?
Regards,
Antoine
on 2008-08-29 13:08
Antoine Antoine wrote:
Hi Antoine,
When you want to protect an application with basic authentication you need to protect the static content (served by apache) and dynamic content (served by mongrel).
A complete example:
==== foo.conf (vhost config file)
<Proxy balancer://foo_cluster>
  BalancerMember http://127.0.0.1:8008
  AuthType Basic
  AuthName "foo authentication"
  AuthUserFile /usr/local/apache2/conf/passwords
  Require user bar
</Proxy>
<VirtualHost *:80>
  ServerName foo.com
  ServerAlias *.foo.com
  DocumentRoot /home/foo/current/public
  <Directory "/home/foo/current/public">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "foo"
    AuthUserFile /usr/local/apache2/conf/passwords
    Require user bar
  </Directory>
  RewriteEngine On
  # Check for maintenance file and redirect all requests
  # ( this is for use with Capistrano's disable_web task )
  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
  RewriteRule ^.*$ /system/maintenance.html [L]
  # Redirect all non-static requests to cluster
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
  #RewriteCond %{REQUEST_FILENAME} !\.
  RewriteCond %{REQUEST_FILENAME} (^[^\.]*$)|(.format:js)
  RewriteRule ^/(.*)$ balancer://foo_cluster%{REQUEST_URI} [P,QSA,L]
  # Deflate
  AddOutputFilterByType DEFLATE text/html text/plain text/css
  # ... text/xml application/xml application/xhtml+xml text/javascript
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</VirtualHost>
=== /usr/local/apache2/conf/passwords
passwords file is created:
# htpasswd -c /usr/local/apache2/conf/passwords bar
Add new user:
# htpasswd /usr/local/apache2/conf/passwords baz
on 2008-08-29 14:52
Thanks rafael for your fast reply,
But I tried to apply that and I still have the problem. Here is my
situation.
----------------------------------------------------------------------
<Proxy *>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Order Allow,Deny
  Allow from all
  Deny from env=blockAccess
  AcceptPathInfo Off
  Satisfy Any
</Proxy>
<VirtualHost *:80>
  ServerName my.servername.com
  ..... # this virtual host doesn't have anymore authentication
  # and with mongrel_cluster ....
</VirtualHost>
<VirtualHost *:80>
  ServerName my.servername.com
  .....
  DocumentRoot /..../public/
  <Directory /..../public/ >
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order Allow,deny
    Allow from all
    Deny from env=blockAccess
    AuthType Basic
    AuthName "Version Foo"
    AuthUserFile "/mypath/to/.htpasswd"
    require valid-user
  </Directory>
  <Proxy balancer://my.server_cluster>
    BalancerMember http://localhost:4000
    AuthType Basic
    AuthName "Version Foo"
    AuthUserFile "/mypath/to/.htpasswd"
    require valid-user
  </Proxy>
  [.....]
</VirtualHost>
----------------------------------------------------------------------
Maybe that's due to my <proxy *> in front of it, no?
on 2008-08-29 18:56
Antoine Antoine wrote:
> ----------------------------------------------------------------------
>
> Maybe that's due to my <proxy *> in front of it no ?
>
It could be because Apache reads config files sequentially and maybe gives priority to proxy *, but I don't really know. Try commenting it out.
on 2008-10-23 10:42
Please try using the following in your apache httpd.conf file.
ProxyPass / balancer://balancer-manager/
ProxyPassReverse / balancer://balancer-manager/
ProxyPass images balancer://balancer-manager/images
ProxyPass javascripts balancer://balancer-manager/javascripts
ProxyPass stylesheets balancer://balancer-manager/stylesheets
in virtualhost block.
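Added example, not part of any post in this thread: a `<Directory>` block only governs requests that Apache maps to files under that path, so one way to cover the static files and the proxied Mongrel requests with a single rule is to attach the auth directives to the URL space with `<Location />`. It uses the Apache 2.2 syntax seen in the thread and reuses the host name, paths and ports from the first post; the `AllowOverride None` and `Satisfy All` lines are choices made for this example.

```apache
<VirtualHost *:80>
  ServerName www.mysite.com
  DocumentRoot /www/mysite/current/public

  # Filesystem access for static files only; no auth directives here.
  <Directory "/www/mysite/current/public">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  # URL-space rule: matched against the request URI, so it applies both to
  # files served from DocumentRoot and to requests proxied to the balancer.
  <Location />
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider file
    AuthUserFile /www/mysite/users/userdb
    Require valid-user
    # Require host access AND a valid user. "Satisfy Any" combined with
    # "Allow from all" grants access without credentials.
    Satisfy All
  </Location>

  RewriteEngine On
  # Redirect all non-static requests to cluster
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L]

  <Proxy balancer://mongrel_cluster>
    BalancerMember http://127.0.0.1:8000
    BalancerMember http://127.0.0.1:8001
    BalancerMember http://127.0.0.1:8002
  </Proxy>
</VirtualHost>
```

With this in place, an unauthenticated request for a static file and one for a Rails action should both come back as 401. Mongrel does no authentication of its own, so the balancer members need to stay bound to 127.0.0.1 as they are in the thread.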