Nginx - API Gateway is not forwarding the request to Auth Service
Maxim Dounin
mdounin at mdounin.ru
Mon Apr 10 12:12:37 UTC 2017
Hello!
On Mon, Apr 10, 2017 at 04:42:25AM -0400, zaidahmd wrote:
> I am trying to implement the NGINX API gateway in nginx 1.10.3 community
> version. I am facing the issue that NGINX is not forwarding the request to
> authentication service. nginx configuration is pasted at the end of this
> thread.
>
> I have written authentication service which is listening for login requests
> on /login.
> My protected application has no login page and responds with 401 status if
> its tried to be accessed without login in authentication service.
>
> Now according to the nginx auth_request module, if the protected applicaiton
> throws 401 status then NGINX forwards the request to authentication service
> for login and after successful login the request is forwarded back to the
> backend server.
You misunderstood what auth_request does. Instead, it issues a
subrequest for every incoming request, and allows further
processing of the request if and only if the subrequest returns
200. No attempts are made to look into the response returned for
the original request, that is, "protected application".
Quoting the documentation,
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html:
: The ngx_http_auth_request_module module (1.5.4+) implements
: client authorization based on the result of a subrequest.
: If the subrequest returns a 2xx response code, the access is
: allowed. If it returns 401 or 403, the access is denied with the
: corresponding error code. Any other response code returned by the
: subrequest is considered an error.
That is, the only thing which is expected to happen in your
configuration is a subrequest to "/login" for every request. If
this subrequest returns 200, access will be allowed for the
original request. If it returns anything else, access will be
denied.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list