invalid URL prefix errors - auth_request with proxy pass to https

Aaron Gooch eodgooch at
Thu May 15 21:01:13 UTC 2014

I want to authorize requests using a remote server that is using ssl. When
I make requests with https I get nginx errors but when I use http it works.
Now that I am writing this I'm thinking the issue is that the site isn't
using ssl so that could cause proxy pass fails.

Thanks in advance!


$ tail /var/log/nginx/error.log
2014/05/15 20:49:52 [error] 19355#0: *1 invalid URL prefix in "",
client:, server: localhost, request: "GET
HTTP/1.1", subrequest: "/iams_auth", host: ""
2014/05/15 20:49:52 [error] 19355#0: *1 auth request unexpected status: 500
while sending response to client, client:, server: localhost,
request: "GET
HTTP/1.1", host: ""

Ubuntu 14 LTS
Nginx info
$ /opt/nginx-1.6.0/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
configure arguments: --prefix=/opt/nginx-1.6.0
--conf-path=/etc/nginx/nginx.conf --sbin-path=/opt/nginx-1.6.0/sbin/nginx

server block:
server {

  listen          80; ## listen for ipv4; this line is default and implied
  server_name     localhost;

  gzip on;

  # authorization key to use with iam. set this to a default valid key.
  set $valid_key "Basic
  set $iams_server ""

  location ~ ^/api/v1/dataset {
      if ($request_method != GET) {
        set $auth_request_uri "?permissions=create_dataset";
      if ($request_method = GET) {
        set $auth_request_uri "?permissions=list_dataset";

      auth_request /iams_auth;

      proxy_set_header Host $http_host;
      proxy_redirect off;
      proxy_set_header Server-Addr $server_addr;

      proxy_pass http://app_server;

  location /iams_auth {
        proxy_pass $iams_server$auth_request_uri;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        # We would like to use authentication but not enforce it upon our
users immediately, therefore...
        # If the user does not provide basic authorization we will use the
default valid key variable.
        # If the user does provide basic auth, pass that value along
instead of the default valid key.
        if ($remote_user != ''){
            set $valid_key $http_authorization;
        proxy_set_header Authorization $valid_key;
        proxy_pass_request_headers      on;

upstream app_server {

        server unix:/tmp/ids-api.sock;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list