Invalid URL prefix errors - auth_request with proxy pass to https

I want to authorize requests using a remote server that is using ssl.
When
I make requests with https I get nginx errors but when I use http it
works.
Now that I am writing this I’m thinking the issue is that the site isn’t
using ssl so that could cause proxy pass fails.

Thanks in advance!

Aaron

$ tail /var/log/nginx/error.log
2014/05/15 20:49:52 [error] 19355#0: *1 invalid URL prefix in "
https://iam.ids.enernoc.net/api/v1/key/validation?permissions=dataset_DATQUAL1_read",
client: 10.100.1.157, server: localhost, request: “GET
/api/v1/dataset/DATQUAL1?ids=17228629&start_dttm=1382486700&end_dttm=1382573100&gran=fivemin&ts_format=iso-8601&resp_format=json
HTTP/1.1”, subrequest: “/iams_auth”, host: “10.160.1.52”
2014/05/15 20:49:52 [error] 19355#0: *1 auth request unexpected status:
500
while sending response to client, client: 10.100.1.157, server:
localhost,
request: “GET
/api/v1/dataset/DATQUAL1?ids=17228629&start_dttm=1382486700&end_dttm=1382573100&gran=fivemin&ts_format=iso-8601&resp_format=json
HTTP/1.1”, host: “10.160.1.52”

Ubuntu 14 LTS
Nginx info
$ /opt/nginx-1.6.0/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
configure arguments: --prefix=/opt/nginx-1.6.0
–conf-path=/etc/nginx/nginx.conf
–sbin-path=/opt/nginx-1.6.0/sbin/nginx
–with-http_auth_request_module

server block:
server {

listen 80; ## listen for ipv4; this line is default and
implied
server_name localhost;

gzip on;

authorization key to use with iam. set this to a default valid key.

set $valid_key “Basic
ZjNqejZNZlZTVDZuNWpjQjhLcEVkWXd3TnJqeng1VnJQQ0FYYU03V3pCY2dMU0F4Og==”;
set $iams_server “https://iam.ids.enernoc.net/api/v1/key/validation

location ~ ^/api/v1/dataset {
if ($request_method != GET) {
set $auth_request_uri “?permissions=create_dataset”;
}
if ($request_method = GET) {
set $auth_request_uri “?permissions=list_dataset”;
}

  auth_request /iams_auth;

  proxy_set_header Host $http_host;
  proxy_redirect off;
  proxy_set_header Server-Addr $server_addr;

  proxy_pass http://app_server;
}

location /iams_auth {
resolver 10.160.0.2;
proxy_pass $iams_server$auth_request_uri;
proxy_pass_request_body off;
proxy_set_header Content-Length “”;
proxy_set_header X-Original-URI $request_uri;
# We would like to use authentication but not enforce it upon
our
users immediately, therefore…
# If the user does not provide basic authorization we will use
the
default valid key variable.
# If the user does provide basic auth, pass that value along
instead of the default valid key.
if ($remote_user != ‘’){
set $valid_key $http_authorization;
}
proxy_set_header Authorization $valid_key;
proxy_pass_request_headers on;
}
}

upstream app_server {

    server unix:/tmp/ids-api.sock;

}

Hello!

On Thu, May 15, 2014 at 05:01:13PM -0400, Aaron Gooch wrote:

I want to authorize requests using a remote server that is using ssl. When
I make requests with https I get nginx errors but when I use http it works.
Now that I am writing this I’m thinking the issue is that the site isn’t
using ssl so that could cause proxy pass fails.

[…]

$ /opt/nginx-1.6.0/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
configure arguments: --prefix=/opt/nginx-1.6.0
–conf-path=/etc/nginx/nginx.conf --sbin-path=/opt/nginx-1.6.0/sbin/nginx
–with-http_auth_request_module

SSL support in proxy module requires nginx to be compiled with
ngx_http_ssl_module.


Maxim D.
http://nginx.org/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs