I am using nginx 1.4.1 as a reverse proxy for tomcat 7.0.33. Using LDAP for user authentication.
Everything works fine except one critical thing: the authenticated user ID does not get to tomcat. I see it in Tomcat's access log: it shows "-" where the ID is supposed to be.
I tried to set various header elements in nginx.conf, see below a fragment of it (I experimented with them, turning them on and off).
Using tcpdump, I confirmed that all the elements that I set indeed go to the HTTP request.
The same thing with Apache HTTPD works properly, but there we use AJP.
What am I missing? Any other header field I need to set?
Also, can anybody tell me how Tomcat retrieves the authenticated user ID from the request header? What is that field's exact name?

    auth_ldap_url …
    auth_ldap_binddn [email protected];
    auth_ldap_binddn_passwd …;
    auth_ldap "Enter your Windows/Network Login To Access MoonWeb";
    auth_ldap_require valid_user;

    server {
        listen mcny14.mooncapital.corp:8880;
        server_name mcny14.mooncapital.corp;

        location /moon/ {
            #proxy_pass_header Set-Cookie;
            #proxy_ignore_headers Expires Cache-Control;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-User $remote_user;
            proxy_set_header Remote-User $remote_user;
            proxy_set_header User $remote_user;
            proxy_set_header REMOTE_USER $remote_user;
            proxy_set_header X-URL-SCHEME https;
            #proxy_set_header Authorization "";
            root mdocs;
            proxy_pass http://mcny14:8801;
        }
    }

Posted at Nginx Forum:
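
Over a plain HTTP connector Tomcat fills the remote user (the `%u` field of its access log) from its own authentication, not from any request header, so one way to carry the proxy-authenticated ID across is a small Valve that turns the forwarded header into the request principal. The sketch below is an added example, not code from the original post or from the Tomcat project. The class name, package and the `trustedProxy`/`userHeader` attributes are hypothetical, and it assumes the Tomcat 7 Catalina jars on the classpath and that `getRemoteAddr()` still reports the proxy's address (no `RemoteIpValve` ahead of it).

```java
package example; // hypothetical package name

import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Maps the user name forwarded by the reverse proxy onto the request
 * principal, so getRemoteUser() and the access log's %u report it.
 * The header is honoured only when the connection comes from the proxy.
 */
public class ProxyUserValve extends ValveBase {

    // Address Tomcat sees for the nginx host (assumed default: same machine).
    private String trustedProxy = "127.0.0.1";
    // Header the proxy sets from $remote_user, as in the fragment above.
    private String userHeader = "X-Forwarded-User";

    public void setTrustedProxy(String trustedProxy) { this.trustedProxy = trustedProxy; }
    public void setUserHeader(String userHeader) { this.userHeader = userHeader; }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        final String user = request.getHeader(userHeader);
        if (user != null && !user.isEmpty()) {
            // Fail closed: an identity header arriving from anywhere other
            // than the proxy is a client-supplied value, not an LDAP result.
            if (!trustedProxy.equals(request.getRemoteAddr())) {
                response.sendError(403);
                return;
            }
            request.setUserPrincipal(new Principal() {
                @Override
                public String getName() { return user; }
            });
        }
        // Continue down the pipeline whether or not a user was attached.
        getNext().invoke(request, response);
    }
}
```

Registered in server.xml as `<Valve className="example.ProxyUserValve" trustedProxy="..."/>` inside the Host or Engine, it only makes sense if the Tomcat port is reachable solely through nginx and nginx always overwrites the header, as `proxy_set_header X-Forwarded-User $remote_user;` does.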