Basic auth with rewrite issue

Hi all,

We are using nginx-0.6.35 and we have a kludge of a set for one of our
apps because it is only installed on one server in a pair. So we have an
odd setup for it:

server {
listen 80;
server_name dns.app1.com;
rewrite ^(.*)$ http://dns.app1.com:8888$1 permanent;
}

Both servers have this configuration and it works. But now i want to
introduce basic auth for the app, but i can not seem to get this to
work:

server {
listen 80;
server_name app-on-server-1.company.com;
rewrite ^(.*)$ http://app-on-server-1.company.com:8888$1 permanent;
location / {
auth_basic “Restricted”;
auth_basic_user_file passfile
}
}

I read in another post that auth and rewrite can’t be setup like this.
so now I am a bit stumped at how i would set this up. granted my
knowledge in this area is thin.

Ideally i would like to set something like this up where we don’t deal
with the permanent :8888 port on the url, but this doesn’t seem to work.
where both servers have this:

server {
listen 80;
server_name dns.app1.com;
location / {
auth_basic “Restricted”;
auth_basic_user_file passfile;
include /etc/nginx/common/proxy.conf;
proxy_pass http://10.4.5.6:8888;
break;
}
}

Any help

Thanks

Zach

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,41891,41891#msg-41891

On Fri, Jan 15, 2010 at 6:28 PM, zlegein [email protected] wrote:

 auth_basic_user_file passfile

listen 80;


nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

Zach,

“rewrite … permanent;” sends a location header to the client causing
them to redirect. Since you are redirecting all requests, the auth in
location / is never encountered. Instead, the auth should be located
in
app-on-server-1.company.com’s configuration. Also note that NginX is
not meant to be a very good forward proxy if you are not in control of
the other server’s configuration.

By the way, a slightly better way to rewrite all requests is like
this: “rewrite ^ http://destination$request_uri;”. No need to capture
what is already captured ;).

Thanks,
Merlin

Hi Merlin,

Thanks for the input, but i tried your suggestion of

server {
listen 80;
server_name app.dns.com;
auth_basic “Restricted”;
auth_basic_user_file passfile;
rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

But this still doesn’t prompt a login. Were you suggesting that I also,
drop the ‘permanent’?

Thanks
-zach

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,41891,43104#msg-43104

Hello!

On Tue, Jan 19, 2010 at 12:21:04PM -0500, zlegein wrote:

rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

But this still doesn’t prompt a login. Were you suggesting that I also, drop the ‘permanent’?

Rewrite directives are executed during rewrite phase, while
authorization - during access phase which happens later. So the
only solution is to change logic, i.e. to something like this:

location / {
auth_basic …
root /path/to/nowhere;
error_page 404 = @redirect;
}

location @redirect {
rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

Maxim D.

p.s. I see a little sense in this config though, as it only
protects domain name of a real server… and it will eventually
became public anyway. So real protection should be on real
server.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs