Mod_auth_request + php5-fpm gives error 504 on POST requests, GET requests are okay

refghbn · February 24, 2013, 12:33am

Setup: php5-fpm listening on socket + nginx 1.2.6

Wanted to use mod_auth_request for www authentication. Works fine for
GET
requests, POST requests time out with error 504.

Error log:
2013/02/24 00:13:03 [error] 24004#0: *13 auth request unexpected status:
504
while sending to client, client: 80.187.106.XXX, server: xxx.net,
request:
“POST /test.php HTTP/1.1”, host: “xxx.net”, referrer:
“https://xxx.net/test.php”

With GET, as stated, and when testing the subrequest script directly,
everything works fine. Gives 201/401 header, empty body as it should.

      location ~ \.php$ {

              root /var/www;

              fastcgi_pass    unix:/var/run/php5-fpm.sock;
             fastcgi_index  index.php;
             fastcgi_intercept_errors on;
              error_page 404 /index.html;

              fastcgi_param DOCUMENT_ROOT   /var/www;
              fastcgi_param SCRIPT_FILENAME

/var/www$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED
/var/www$fastcgi_script_name;

             include /etc/nginx/fastcgi.conf;

             auth_request /authenticator/www.php;
     }

     location = /authenitcator/www.php {
             fastcgi_pass unix:/var/run/php5-fpm.sock;
             fastcgi_param SCRIPT_FILENAME

/var/www$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED
/var/www$fastcgi_script_name;
}

Does anyone have an idea?

/refghbn

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,236524,236524#msg-236524

refghbn · February 24, 2013, 6:54pm

Hello!

On Sat, Feb 23, 2013 at 06:32:45PM -0500, refghbn wrote:

Setup: php5-fpm listening on socket + nginx 1.2.6

Wanted to use mod_auth_request for www authentication. Works fine for GET
requests, POST requests time out with error 504.

By “mod_auth_request” you mean auth request module, as available
from http://mdounin.ru/hg/ngx_http_auth_request_module?

              fastcgi_param PATH_TRANSLATED
/var/www$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED
/var/www$fastcgi_script_name;
}

Does anyone have an idea?

You have a typo in location, “authenITcator” instead of
“authenTIcator”. This results in “location ~ .php$” being used
for auth requests instead of dedicated one.

In “location ~ .php$” it doesn’t work for POST requests but times
out instead as auth request doesn’t have request body (it’s not
yet read from a client), but there will be Content-Length header.
This might confuse backend’s code, and in general you should have
something equivalent to the following line from README:

proxy_set_header Content-Length "";

I.e. for fastcgi you should not provide fastcgi_param
CONTENT_LENGTH.

–
Maxim D.
http://nginx.com/support.html