auth_request + php-fpm + POST request
Maxim Dounin
mdounin at mdounin.ru
Mon Apr 13 12:46:38 UTC 2015
Hello!
On Sat, Apr 11, 2015 at 09:21:30AM -0400, Arno0x0x wrote:
> Hi,
>
> I'm using the auth_request module to enable custom (2fa) authentication to
> protect my whole website, no matter the various applications I host on this
> website. So the auth_request directive is set at the "server" level.
>
> The authentication subrequest works fine, except for client POST requests
> where the php auth script holds forever until I get a timeout in the nginx
> error.log :
> "*1 upstream timed out (110: Connection timed out) while reading response
> header from upstream"
>
> It took me a while guessing why, but my guess is, from the debug trace I
> created, that the PHP script sees both a "content-length" and "content-type"
> in the HTTP headers, but the request body is not being sent to the auth
> scripts (there's no need anyway, all I need is the cookies).
>
> I had to trick the config to make it work, and that's what I'm sharing here,
> but I'd like to know if there's a more "standard" way to deal with this.
The recommended way can be seen in the example configuration in the
documentation:
location = /auth {
proxy_pass ...
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
Similar approach should work for fastcgi too, but you'll have
to avoid sending the CONTENT_LENGTH fastcgi param instead of the
Content-Length header.
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list