Nonstandard Response Headers

Brendan Schwartz bschwartz at tropist.com
Tue Jan 22 06:51:57 MSK 2008 

On Jan 20, 2008 11:34 PM, Eden Li <eden at mojiti.com> wrote:

> if i understand correctly, you need to terminate the "local backend"
> request at nginx before passing back data to the client.
>
>  1. end user asks for protected content from nginx
>  2. nginx asks for auth token from "local backend"
>  3. nginx proxies the rest of the connection from (1) attaching the
> auth token from (2) to the request.
>
> you probably need more than nginx for this.   you might be able to
> shove step (2) into an embedded perl module, but most likely you'll
> need to do this in an fcgi handler or somesuch.
>

Eden, yes, you have it correct.

The fundamental problem here is around passing the auth token header to the
remote proxy.
It appears that when using X-Accel-Redirect, nginx will not pass headers
generated by the backend through to the redirect target.

Igor, do I have this right?


>
> On Jan 21, 2008 10:54 AM, Brendan Schwartz <bschwartz at tropist.com> wrote:
> >
> > On Jan 20, 2008 4:07 PM, Manlio Perillo <manlio_perillo at libero.it>
> wrote:
> > > Brendan Schwartz ha scritto:
> > >
> > > > On Dec 29, 2007 5:48 PM, Evan Miller <emmiller at gmail.com> wrote:
> > > >> Brendan Schwartz wrote:
> > > >>> Is there a way to get Nginx to send nonstandard response headers (
> e.g.
> > > >>> "User-Header"); it looks like they're being filtered.
> > > >>>
> > > >>> Thanks,
> > > >>> Brendan
> > > >> Check out the proxy_pass_header directive.
> > > >>
> > > >> http://wiki.codemongers.com/NginxHttpProxyModule#proxy_pass_header
> > > >>
> > > >> Evan
> > > >>
> > > >
> > > > This doesn't seem to be working for me. Here's an example of what
> I'm
> > > > trying to accomplish:
> > > >
> > > > I have a local backend that returns a response that includes
> > > > X-Accel-Redirect, Authorization, and Some-Other-Header headers among
> > > > others.
> > > > And I have a /remote-proxy location whose job it is to proxy the
> > > > X-Accel-Redirect to a remote server.
> > > > See example configuration below.
> > > >
> > > > I would like the proxy-pass request to the remote server to include
> > > > the Authorization and Some-Other-Header headers that were returned
> in
> > > > the local backend upstream response.
> > > >
> > > > I've tried to use the proxy_pass_header directive, but haven't had
> > > > much luck as my "custom" headers aren't being passed to the remote
> > > > proxy server.
> > > >
> > > > Am I using these directives correctly? Is what I'm trying to do
> impossible?
> > > >
> > > > Thanks,
> > > > Brendan
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > server {
> > > >
> > > >   # standard config ...
> > > >
> > > >     location /remote-proxy/ {
> > > >       internal;
> > > >
> > > >       proxy_set_header  X-Real-IP  $remote_addr;
> > > >
> > > >       # needed for HTTPS
> > > >       proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
> > > >       proxy_set_header Host remote.server.com;
> > > >       proxy_redirect false;
> > > >       proxy_max_temp_file_size 0;
> > > >
> > > >       rewrite ^/remote-proxy/(.*)$ /$1 break;
> > > >       proxy_pass https://remote.server.com;
> > >
> > > Here, instead of using a rewrite, try with
> > >
> > >          proxy_pass https://remote.server.com/remote-proxy/
> > >
> > >
> > > >     }
> > > >
> > > >     location / {
> > > >
> > > >       proxy_set_header  X-Real-IP  $remote_addr;
> > > >
> > > >       # needed for HTTPS
> > > >       proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
> > > >       proxy_set_header Host $http_host;
> > > >       proxy_redirect false;
> > > >       proxy_max_temp_file_size 0;
> > > >
> > > >       proxy_pass_header Authorization;
> > > >       proxy_pass_header Some-Other-Header;
> > > >
> > > >       proxy_pass http://local_backend_upstream;
> > > >
> > > >    }
> > > > }
> > > >
> > >
> > >
> > > I'm not sure to understand what you are trying to do.
> > > But try with:
> > >
> > >         set $authorization upstream_http_authorization;
> > >         set $some_other upstream_http_some_other_header;
> > >
> > > in the / location
> > >
> > > and:
> > >
> > >         proxy_set_header Authorization $authorization;
> > >         proxy_set_header Some-Other-Header $some_other;
> > >
> > > in the remote-proxy location
> > >
> > >
> > > However I'm rather sure that this will not work :).
> > >
> > >
> > > Manlio Perillo
> > >
> > >
> >
> > Manlio,
> >
> > Unfortunately this doesn't seem to work. "set $authorization
> > upstream_http_authorization;" sets the $authorization variable to the
> > string "upstream_http_authorization". If I change the line to "set
> > $authorization $upstream_http_authorization;", it doesn't work either.
> > I think that's because in Location / the Authorization header isn't
> > set yet -- it's set by the local backend.
> >
> > I'm trying to use nginx as a proxy for a remote server. But in order
> > to access the content on the remote server, I need to pass an
> > Authorization header to it. The local backend is able to produce valid
> > authorization tokens.
> >
> > So here's what I want to happen: the local backend produces an
> > Authorization header which is then passed to the remote server
> > backend. The remote server accepts the authorized request and returns
> > the protect content to nginx which passes it on to the end user.
> >
> > Does this make sense?
> >
> > Thanks,
> > Brendan
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080121/dee4dec5/attachment.html>

More information about the nginx mailing list