Forum: NGINX Basic authentication and reverse proxy

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
2107d4e4b544f904194507258a40cac1?d=identicon&s=25 John Moore (Guest)
on 2008-11-20 20:47
(Received via mailing list)
I'm using nginx (0.5.32) as a reverse proxy for Tomcat, and it's working
spectacularly well. There are some admin pages I want to protect,
initially just with Basic authentication, and I think I've set it up
right, but what I'm seeing puzzles me. Below is a simplified version of
my nginx.conf:

server {
        listen 80;

        location / {
            include /etc/nginx/proxy.conf;

        location /viewServers.htm {

            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/users;
            include /etc/nginx/proxy.conf;



Normally everything is proxied to the backend Tomcat server. What I want
now is for the /viewServers.htm page to be protected. It prompts for the
username and password and when these have been entered correctly, it
forwards the request, but evidently makes some change to it which I
can't work out, as it turns up at Tomcat as if it is just / (i.e.,
without the viewServers.htm), even though it is displayed in the browser
as /viewServers.htm (in the Tomcat access log, no such page is
recorded). If I remove the whole location /viewServers.htm... block, I
get a quite different (correct) page served.

Have I set this up right? What do I need to do to have basic
authentication working for a certain set of requests which nginx is to
forward to a back end server?
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2008-11-20 21:05
(Received via mailing list)

On Thu, Nov 20, 2008 at 07:39:59PM +0000, John Moore wrote:

>            include /etc/nginx/proxy.conf;
> now is for the /viewServers.htm page to be protected. It prompts for the
> forward to a back end server?
Guess you used

proxy_pass http://your-backend/;

in your proxy.conf (note the trailing '/').  This will replace
part of the uri matched by location with '/'.

Correct solution is to use proxy_pass without path component, i.e.

proxy_pass http://your-backend;

for details.

Maxim Dounin
2107d4e4b544f904194507258a40cac1?d=identicon&s=25 John Moore (Guest)
on 2008-11-21 00:16
(Received via mailing list)
Maxim Dounin wrote:
> proxy_pass http://your-backend;
Thanks, that's exactly right, that fixed it. It's strange, I've used
nginx for months now without this ever having been an issue before.

This topic is locked and can not be replied to.