Forum: NGINX WebDAV with Authentication Layer

3db304b81322eaba18463ad6eba6a028?d=identicon&s=25 Nima Mohammadi (Guest)
on 2014-08-18 00:21
(Received via mailing list)
Hi folks,
I'm using Nginx as a WebDAV server using nginx-dav-ext-module. Now I
needed to add an authentication layer to the WebDAV server which
couldn't only be relying on a static htpasswd file. So I looked around
and found the ngx_http_auth_request_module of Maxim Dounin. Now, once a
request comes in, Nginx asks my web app, which is written in python
using Pyramid framework, to authenticate the user. When the method is
GET, PROPFIND, OPTION, DELETE, etc. it works very well, but the problem
is that in case the HTTP method is PUT, it fails! I'm sure the problem
isn't with the python code as the subrequest, which
ngx_http_auth_request is supposed to make, doesn't even reach my web
app. As soon as the auth_request line in the config file is commented,
uploading files with PUT works.
My configuration is as follows:

server {
 listen 8080;
 root /L/;
 charset utf-8;
 location /disks/ {
 auth_request /auth_webservice;
 client_body_temp_path /tmp/client-tmp 1 2;
 create_full_put_path on;
 client_max_body_size 2000m;
 dav_access user:rw group:rw all:r;
 dav_methods PUT DELETE MKCOL COPY MOVE;
 dav_ext_methods PROPFIND OPTIONS;
 }

 location /auth_webservice {
 proxy_pass http://127.0.0.1:6543/auth/webdav;
 proxy_pass_request_body off;
 proxy_set_header Content-Length "";
 proxy_set_header X-Original-URI $request_uri;
 proxy_set_header X-Original-Method $request_method;
 }
 location = /auth_open {
 return 204;
 }
 location / {
 uwsgi_pass unix:///tmp/uwsgi.sock;
 include uwsgi_params;
 }
}

It might be of interest to you to know that even when I change the
auth_request to /auth_open, PUT still fails with an HTTP error 500.
3db304b81322eaba18463ad6eba6a028?d=identicon&s=25 Nima Mohammadi (Guest)
on 2014-08-19 23:56
(Received via mailing list)
I've figured out the solution to my problem. I checked the error log of
nginx and saw the error below:

2014/08/20 01:55:06 [error] 3180#0: *1 client intended to send too large
body: 10573964 bytes, client: 172.16.2.1, server: , request: "PUT
/disks/pishte/music.mp3 HTTP/1.1", subrequest: "/auth_webservice", host:
"172.16.2.128:8080"
2014/08/20 01:55:06 [error] 3180#0: *1 auth request unexpected status:
413, client: 172.16.2.1, server: , request: "PUT /disks/pishte/music.mp3
HTTP/1.1", host: "172.16.2.128:8080"

But there has already been a client_max_body_size directive in the
location{} block. Also auth_basic with a htpasswd file worked fine with
large files. So I moved the client_max_body_size directive to the
server{} block, and voila! It works now!

-- Nima Mohammadi
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.