Basic authentication and reverse proxy

Maxim Dounin mdounin at mdounin.ru
Thu Nov 20 22:56:47 MSK 2008


Hello!

On Thu, Nov 20, 2008 at 07:39:59PM +0000, John Moore wrote:

> I'm using nginx (0.5.32) as a reverse proxy for Tomcat, and it's working  
> spectacularly well. There are some admin pages I want to protect,  
> initially just with Basic authentication, and I think I've set it up  
> right, but what I'm seeing puzzles me. Below is a simplified version of  
> my nginx.conf:
>
> server {
>     listen 80;
>
>     location / {
>         include /etc/nginx/proxy.conf;
>     }
>
>     location /viewServers.htm {
>         auth_basic "Restricted";
>         auth_basic_user_file /etc/nginx/users;
>         include /etc/nginx/proxy.conf;
>     }
> }
>
> Normally everything is proxied to the backend Tomcat server. What I want  
> now is for the /viewServers.htm page to be protected. It prompts for the  
> username and password and when these have been entered correctly, it  
> forwards the request, but evidently makes some change to it which I  
> can't work out, as it turns up at Tomcat as if it is just / (i.e.,  
> without the viewServers.htm), even though it is displayed in the browser  
> as /viewServers.htm (in the Tomcat access log, no such page is  
> recorded). If I remove the whole location /viewServers.htm... block, I  
> get a quite different (correct) page served.
>
> Have I set this up right? What do I need to do to have basic  
> authentication working for a certain set of requests which nginx is to  
> forward to a back end server?

Guess you used

proxy_pass http://your-backend/;

in your proxy.conf (note the trailing '/').  This will replace 
part of the uri matched by location with '/'.

Correct solution is to use proxy_pass without path component, i.e.

proxy_pass http://your-backend;

See http://wiki.codemongers.com/NginxHttpProxyModule#proxy_pass 
for details.

Maxim Dounin
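
Added example (not part of the original message, and not nginx code): a small Python model of the proxy_pass behaviour described in the reply, showing which URI the backend receives for the two locations in the quoted config. It assumes plain prefix locations with no regexes or variables; the function names and the sample pairs are constructed for illustration.

```python
from urllib.parse import urlsplit


def upstream_uri(location, proxy_pass, request_uri):
    """Model the URI nginx sends upstream for a prefix location.

    location    -- prefix of the matching `location` block
    proxy_pass  -- value of the proxy_pass directive (no variables)
    request_uri -- normalized request path, optionally with ?query
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        raise ValueError("request does not match this location")
    # urlsplit yields path '' for http://host and '/' for http://host/
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        # No URI part: the request URI is passed through unchanged.
        return request_uri
    # URI part present: the matched location prefix is replaced by it.
    return uri_part + path[len(location):] + sep + query


def rewritten_locations(pairs):
    """Return the locations whose own path reaches the backend changed."""
    return [loc for loc, pp in pairs if upstream_uri(loc, pp, loc) != loc]


# Constructed sample: the thread's locations with both proxy_pass forms.
SAMPLE = [
    ("/", "http://your-backend/"),
    ("/viewServers.htm", "http://your-backend/"),
    ("/viewServers.htm", "http://your-backend"),
]

if __name__ == "__main__":
    for loc, pp in SAMPLE:
        sent = upstream_uri(loc, pp, "/viewServers.htm")
        print(f"location {loc:<18} proxy_pass {pp:<22} -> backend sees {sent}")
    print("rewritten:", rewritten_locations(SAMPLE))
```

With `location /` the trailing slash is harmless because the replaced prefix is itself `/`; the same proxy.conf included under `/viewServers.htm` is what turns the request into `/` at Tomcat.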




