Nginx - API Gateway is not forwarding the request to Auth Service

Maxim Dounin mdounin at
Mon Apr 10 12:12:37 UTC 2017


On Mon, Apr 10, 2017 at 04:42:25AM -0400, zaidahmd wrote:

> I am trying to implement the NGINX API gateway in nginx 1.10.3 community
> version. I am facing the issue that NGINX is not forwarding the request to
> authentication service. nginx configuration is pasted at the end of this
> thread.
> I have written authentication service which is listening for login requests
> on /login.
> My protected application has no login page and responds with 401 status if
> its tried to be accessed without login in authentication service.
> Now according to the nginx auth_request module, if the protected applicaiton
> throws 401 status then NGINX forwards the request to authentication service
> for login and after successful login the request is forwarded back to the
> backend server.

You misunderstood what auth_request does.  Instead, it issues a 
subrequest for every incoming request, and allows further 
processing of the request if and only if the subrequest returns 
200.  No attempts are made to look into the response returned for 
the original request, that is, "protected application".

Quoting the documentation,

: The ngx_http_auth_request_module module (1.5.4+) implements 
: client authorization based on the result of a subrequest.
: If the subrequest returns a 2xx response code, the access is 
: allowed. If it returns 401 or 403, the access is denied with the 
: corresponding error code. Any other response code returned by the 
: subrequest is considered an error.

That is, the only thing which is expected to happen in your 
configuration is a subrequest to "/login" for every request.  If 
this subrequest returns 200, access will be allowed for the 
original request.  If it returns anything else, access will be 

Maxim Dounin

More information about the nginx mailing list