NTLM sharepoint when use nginx reverse proxy

Francis Daly francis at daoine.org
Fri Mar 2 15:51:48 UTC 2018

On Fri, Mar 02, 2018 at 05:30:00AM -0500, sonpg wrote:

Hi there,

> my design is : enduser --> nginx -->  sites (sharepoint site:443, web:80;
> 443)
> if server listen in 80 will redirect to 443

That seems generally sensible.

> i try to use stream block but it can't use same port.

Ah: you have one nginx, but with one "stream { server { listen 80; } }"
and also one "http { server { listen 80; } }".

Yes, that will not work. (And is not a case I had imagined, when I sent
the previous mail.)

If you use both stream and http, they cannot both listen on the same ip:port.

You use "http" because you want nginx to reverse-proxy one or more
web sites. You use "stream" because you want nginx to reverse-proxy
one ntlm-authentication web site, and you know that nginx does not
reverse-proxy ntlm.

You use "stream" to send all inbound traffic to a specific backend server,
in order to get around nginx's lack of ntlm support. You can do that,
but you can not also use "http" on the same port, because that would
want to handle the same inbound traffic.

So you must choose to stop supporting the ntlm web site, or to stop
supporting more-than-one web site, or to use something other than nginx.

(Or to put the ntlm stream listener and the http listener on different
ip:ports -- you might be able to use multiple IP addresses, depending
on your setup.)

Francis Daly        francis at daoine.org
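
The last option in the reply above (stream and http listeners on different ip:ports), sketched as an added example that is not part of the original message. Every IP address, hostname, backend address and certificate path here is a placeholder assumption, and nginx must be built with the stream module.

```nginx
# Added example, not from the thread. All addresses, names and paths are placeholders.
# 192.0.2.10 = listener IP for the NTLM SharePoint site (stream, raw TCP relay)
# 192.0.2.11 = listener IP for the other web sites (http reverse proxy)

events {}

stream {
    # TLS is not terminated here: bytes are relayed unchanged, so each client
    # TCP connection maps to exactly one backend connection. NTLM authenticates
    # the connection, which is why it works here and not through "http".
    server {
        listen 192.0.2.10:443;
        proxy_pass 10.0.0.20:443;      # SharePoint backend (assumed address)
    }
}

http {
    # Port 80 on both addresses redirects to HTTPS. Only "http" listens on
    # port 80, and 192.0.2.10:443 belongs only to "stream", so no ip:port
    # is claimed by both blocks.
    server {
        listen 192.0.2.10:80;
        listen 192.0.2.11:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 192.0.2.11:443 ssl;
        server_name web.example.com;   # assumed site name
        ssl_certificate     /etc/nginx/tls/web.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/web.example.com.key;

        location / {
            proxy_pass http://10.0.0.30:80;   # web backend (assumed address)
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

With this layout the SharePoint hostname has to resolve to the stream address, the backend terminates TLS itself, and its logs show nginx's address as the client because the stream listener adds no forwarding headers.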
