Nginx & Digest authentication

I have a NGINX that sits in front of my application. I have digest
authentication enabled for the application. Id like a set up where when
a user connects to NGINX using Digest, NGINX simply proxies this request
to my application where the actual authentication happens. The
authentication logic is already available in the application and I just
want the NGINX to forward the headers correctly to the app.

Could someone help me on how to accomplish this?

Regards,
Arun

Hello!

On Tue, Aug 11, 2015 at 03:35:19AM +0000, Arun John (arujohn) wrote:

I have a NGINX that sits in front of my application. I have
digest authentication enabled for the application. I’d like a
set up where when a user connects to NGINX using Digest, NGINX
simply proxies this request to my application where the actual
authentication happens. The authentication logic is already
available in the application and I just want the NGINX to
forward the headers correctly to the app.

Could someone help me on how to accomplish this?

Just use proxy_pass, see http://nginx.org/r/proxy_pass.


Maxim D.
http://nginx.org/

Hi,

Thanks for the suggestion. I tried using proxy_pass, but it didnt help
much.

Please find my settings

upstream my_backend {
server 127.0.0.1:8083;
}

location / {

proxy_pass http://my_backend;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_pass_request_headers on;

       if ($request_method = GET ) {
          rewrite ^/(perf-log-.+)$ /uploads/perf/$1 break;
          root /opt/test/files;

}

   }

Is there any issue with my configs?

Regards,
Arun

On 8/11/15, 6:39 PM, “nginx on behalf of Maxim D.”

Hi Edho,

The get requests were failing and nginx was not forwarding the headers
required for the authentication. The result was same as before. I have
shared the configs. May be I am missing some minor configurations?

When I switch the nginx off and directly access the application,
everything works fine and able to authenticate.

Regards,
Arun

On 8/11/15, 7:06 PM, “nginx on behalf of Edho A.”

On Tue, Aug 11, 2015 at 10:29 PM, Arun John (arujohn)
[email protected] wrote:

Hi,

Thanks for the suggestion. I tried using proxy_pass, but it didn¹t help
much.

I think it would help if you explain the problem in more detail than
just “didn’t help much”.

Hello!

On Tue, Aug 11, 2015 at 01:49:37PM +0000, Arun John (arujohn) wrote:

The “get” requests were failing and nginx was not forwarding the headers
required for the authentication. The result was same as before. I have
shared the configs. May be I am missing some minor configurations?

Please define “the headers required for the authentication”. If
you think some headers are not passed, it would be good idea to
look into what happens on the wire to be specific. Debug log
should be enough to see detailed info about headers send/received,
see here:

http://nginx.org/en/docs/debugging_log.html

Altrenatively, you can use tcpdump to see what actually happens on
the wire.

Note though, that Digest authentication can be easily screwed up
by URI changes. Your configuration suggests that you are trying
to change some URIs. Make sure you aren’t testing with these URIs
you are trying to change. Or, better yet, try with just
proxy_pass and nothing more, as initially suggested.


Maxim D.
http://nginx.org/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs