Forum: NGINX WebDAV with Authentication Layer

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
3db304b81322eaba18463ad6eba6a028?d=identicon&s=25 Nima Mohammadi (Guest)
on 2014-08-18 00:21
(Received via mailing list)
Hi folks,
I'm using Nginx as a WebDAV server using nginx-dav-ext-module. Now I
needed to add an authentication layer to the WebDAV server which
couldn't only be relying on a static htpasswd file. So I looked around
and found the ngx_http_auth_request_module of Maxim Dounin. Now, once a
request comes in, Nginx asks my web app, which is written in python
using Pyramid framework, to authenticate the user. When the method is
GET, PROPFIND, OPTION, DELETE, etc. it works very well, but the problem
is that in case the HTTP method is PUT, it fails! I'm sure the problem
isn't with the python code as the subrequest, which
ngx_http_auth_request is supposed to make, doesn't even reach my web
app. As soon as the auth_request line in the config file is commented,
uploading files with PUT works.
My configuration is as follows:

server {
 listen 8080;
 root /L/;
 charset utf-8;
 location /disks/ {
 auth_request /auth_webservice;
 client_body_temp_path /tmp/client-tmp 1 2;
 create_full_put_path on;
 client_max_body_size 2000m;
 dav_access user:rw group:rw all:r;
 dav_ext_methods PROPFIND OPTIONS;

 location /auth_webservice {
 proxy_pass_request_body off;
 proxy_set_header Content-Length "";
 proxy_set_header X-Original-URI $request_uri;
 proxy_set_header X-Original-Method $request_method;
 location = /auth_open {
 return 204;
 location / {
 uwsgi_pass unix:///tmp/uwsgi.sock;
 include uwsgi_params;

It might be of interest to you to know that even when I change the
auth_request to /auth_open, PUT still fails with an HTTP error 500.
3db304b81322eaba18463ad6eba6a028?d=identicon&s=25 Nima Mohammadi (Guest)
on 2014-08-19 23:56
(Received via mailing list)
I've figured out the solution to my problem. I checked the error log of
nginx and saw the error below:

2014/08/20 01:55:06 [error] 3180#0: *1 client intended to send too large
body: 10573964 bytes, client:, server: , request: "PUT
/disks/pishte/music.mp3 HTTP/1.1", subrequest: "/auth_webservice", host:
2014/08/20 01:55:06 [error] 3180#0: *1 auth request unexpected status:
413, client:, server: , request: "PUT /disks/pishte/music.mp3
HTTP/1.1", host: ""

But there has already been a client_max_body_size directive in the
location{} block. Also auth_basic with a htpasswd file worked fine with
large files. So I moved the client_max_body_size directive to the
server{} block, and voila! It works now!

-- Nima Mohammadi
This topic is locked and can not be replied to.