Posting after x-accel-redirect

amvtek · March 5, 2010, 5:05pm

I am trying to address the following use case :

A ‘post request’ is send to Nginx which forward it to a first
upstream server “upstream 1”. “upstream 1” is in charge of
authenticating the request origin, and do some accounting in order to
determine if the request can be authorized …
If OK, we would like to terminate processing the request at “upstream
2”

What we have briefly tried :

internal redirect ( using x-accel-redirect) to “upstream 2”
how could we possibly “post” to this second “upstream 2” ?

Thank you for your help

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,60373,60373#msg-60373

amvtek · March 6, 2010, 9:58am

hi

use something like below to always have a GET request to your
authentication upstream. then let the authentication upstream return an
x-accell-redirect header. now if the original request was a post, it
will still be a post after the call to the auth upstream. so you could
do whatever you want with the authenticated request e.g. send it to
another upstream

cheers, bernd

# internal used for authentication
location ^~ "/authenticate" {
    proxy_pass http://yourauthbackend;
    proxy_intercept_errors on;
    proxy_method GET;
    proxy_pass_request_body off;
    proxy_set_header  Content-Length  '0';
    rewrite /authenticate(.*) $1;
    internal;
    break;
}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,60373,60657#msg-60657

amvtek · March 6, 2010, 12:20pm

Nice.
However in the case we are chasing, /authenticate needs the body of the
request as it has to verify a digital signature calculated on it.

Thank you for your insight anyway.
Best,
Marc

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,60373,60684#msg-60684