auth_request and auth_request_set confusion ...

Maxim Dounin mdounin at mdounin.ru
Mon Apr 22 21:02:21 UTC 2013 

Hello!

On Mon, Apr 22, 2013 at 12:23:59PM +0200, Dale Gallagher wrote:

> Hi
> 
> I'd appreciate it if someone could enlighten me as to why the following
> isn't working as expected. I'm trying to make the proxying to php dynamic -
> in other words, depending on the authenticated user, requests will be
> proxied to that user's PHP socket.
> 
> Both the login and auth locations are proxied to a Perl Dancer app.
> 
> Here's the auth app's /auth route:
> 
> get '/auth' => sub {
>     if (session('user') && session('time')) {
>         my $time_now = time;
>         if ($time_now - session('time') < config->{'session_timeout'}) {
>             session 'time' => $time_now;
>             header 'X-Auth-User' => session('user');
>             status 'ok';
>         }
>         else {
>             header 'X-Error-Page' => '/login/session_expired';
>             status 'forbidden';
>         }
>     }
>     else {
>         header 'X-Error-Page' => '/login/not_authorised';
>         status 'forbidden';
>     }
> };
> 
> nginx.conf snippet:
> 
> location /login {
>     expires -1;
>     proxy_set_header Host $host;
>     proxy_pass http://127.0.0.1:3000;
>     proxy_redirect http://$host https://$host;
> }
> 
> location /auth {
>     internal;
>     expires -1;
>     proxy_set_header Host $host;
>     proxy_pass http://127.0.0.1:3001;
>     proxy_pass_request_body off;
>     proxy_redirect http://$host https://$host;
>     proxy_set_header Content-Length "";
> }
> 
> location /protected {
>     error_page 401 403 $error_page;
>     expires -1;
>     set $auth_user = 'none';
>     auth_request /auth;
>     auth_request_set $error_page $upstream_http_x_error_page;
>     auth_request_set $auth_user $upstream_http_x_auth_user;
> 
>     location ~* \.php {
>       fastcgi_pass   unix:/srv/web/$auth_user/sock/php-5.3.22.sock;
>       fastcgi_index  index.php;
>       fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
>       fastcgi_param  FILES_ROOT /srv/web/$auth_user/site;
>       include        fastcgi_params;
>     }
> }
> 
> The error_page works, when the Dancer app returns forbidden, but no matter
> what I've tried to use the X-Auth_User header on the /auth app returning
> 200, I can't seem to coax nginx into passing it onto anything, be it a
> rewrite, or the above listed \.php location stanza.
> 
> Any pointers would be appreciated.

Could you please show debug log?

See http://nginx.org/en/docs/debugging_log.html for more 
information.

-- 
Maxim Dounin
http://nginx.org/en/donation.html

More information about the nginx mailing list