Basic auth with rewrite issue

Hi all,

We are using nginx-0.6.35 and we have a kludge of a set for one of our
apps because it is only installed on one server in a pair. So we have an
odd setup for it:

server {
listen 80;
server_name dns.app1.com;
rewrite ^(.*)$ http://dns.app1.com:8888$1 permanent;
}

Both servers have this configuration and it works. But now i want to
introduce basic auth for the app, but i can not seem to get this to
work:

server {
listen 80;
server_name app-on-server-1.company.com;
rewrite ^(.*)$ http://app-on-server-1.company.com:8888$1 permanent;
location / {
auth_basic “Restricted”;
auth_basic_user_file passfile
}
}

I read in another post that auth and rewrite can’t be setup like this.
so now I am a bit stumped at how i would set this up. granted my
knowledge in this area is thin.

Ideally i would like to set something like this up where we don’t deal
with the permanent :8888 port on the url, but this doesn’t seem to work.
where both servers have this:

server {
listen 80;
server_name dns.app1.com;
location / {
auth_basic “Restricted”;
auth_basic_user_file passfile;
include /etc/nginx/common/proxy.conf;
proxy_pass http://10.4.5.6:8888;
break;
}
}

Any help

Thanks

Zach

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,41891,41891#msg-41891

On Fri, Jan 15, 2010 at 6:28 PM, zlegein [email protected] wrote:

 auth_basic_user_file passfile

listen 80;


nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

Zach,

“rewrite … permanent;” sends a location header to the client causing
them to redirect. Since you are redirecting all requests, the auth in
location / is never encountered. Instead, the auth should be located
in
app-on-server-1.company.com’s configuration. Also note that NginX is
not meant to be a very good forward proxy if you are not in control of
the other server’s configuration.

By the way, a slightly better way to rewrite all requests is like
this: “rewrite ^ http://destination$request_uri;”. No need to capture
what is already captured ;).

Thanks,
Merlin

Hi Merlin,

Thanks for the input, but i tried your suggestion of

server {
listen 80;
server_name app.dns.com;
auth_basic “Restricted”;
auth_basic_user_file passfile;
rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

But this still doesn’t prompt a login. Were you suggesting that I also,
drop the ‘permanent’?

Thanks
-zach

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,41891,43104#msg-43104

Hello!

On Tue, Jan 19, 2010 at 12:21:04PM -0500, zlegein wrote:

rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

But this still doesn’t prompt a login. Were you suggesting that I also, drop the ‘permanent’?

Rewrite directives are executed during rewrite phase, while
authorization - during access phase which happens later. So the
only solution is to change logic, i.e. to something like this:

location / {
auth_basic …
root /path/to/nowhere;
error_page 404 = @redirect;
}

location @redirect {
rewrite ^(.*)$ http://app.dns.com:7004$1 permanent;
}

Maxim D.

p.s. I see a little sense in this config though, as it only
protects domain name of a real server… and it will eventually
became public anyway. So real protection should be on real
server.