Help - Nginx Azure Auth

HARISH KUMAR Ivaturi harishkumarivaturi at gmail.com
Thu Nov 26 05:49:05 UTC 2020


Tlsv1.2

On Thu 26 Nov, 2020, 6:42 AM HARISH KUMAR Ivaturi, <
harishkumarivaturi at gmail.com> wrote:

> Once try this.
>
>
> https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
>
> And configure again with auth proxy module
>
> On Thu 26 Nov, 2020, 6:17 AM Pavan P, <pavan45 at gmail.com> wrote:
>
>> Yes Harish, Certificate is working fine.
>>
>> root at ip-172-31-33-18:~# nginx -V
>> nginx version: nginx/1.10.3 (Ubuntu)
>> built with OpenSSL 1.0.2g  1 Mar 2016
>> TLS SNI support enabled
>> configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong
>> -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2'
>> --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
>> --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
>> --http-log-path=/var/log/nginx/access.log
>> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
>> --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
>> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
>> --http-proxy-temp-path=/var/lib/nginx/proxy
>> --http-scgi-temp-path=/var/lib/nginx/scgi
>> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
>> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module
>> --with-http_realip_module --with-http_auth_request_module
>> --with-http_addition_module --with-http_dav_module --with-http_geoip_module
>> --with-http_gunzip_module --with-http_gzip_static_module
>> --with-http_image_filter_module --with-http_v2_module
>> --with-http_sub_module --with-http_xslt_module --with-stream
>> --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
>> (base) root at ip-172-31-33-18:~#
>>
>> On Thu, Nov 26, 2020 at 10:43 AM HARISH KUMAR Ivaturi <
>> harishkumarivaturi at gmail.com> wrote:
>>
>>> 1) once type nginx -V and send rhe output.
>>>
>>> 2) certificate - certificate.cert
>>> Certificate_key - certificate.key
>>>
>>> Once recheck the certs section and make sure that you have generated
>>> with certificates with openssl properly.
>>>
>>> BR
>>> Harish Kumar
>>>
>>> On Thu 26 Nov, 2020, 5:27 AM Pavan P, <pavan45 at gmail.com> wrote:
>>>
>>>> Hi Harish,
>>>> Below is the config of my nginx. Https module is configured fine.
>>>> Please let me know if I have missed anything.
>>>>
>>>> server {
>>>>     server_name ci1.altlifelab.com;
>>>>
>>>>     location / {
>>>>       proxy_set_header        Host $host:$server_port;
>>>>       proxy_set_header        X-Real-IP $remote_addr;
>>>>       proxy_set_header        X-Forwarded-For
>>>> $proxy_add_x_forwarded_for;
>>>>       proxy_set_header        X-Forwarded-Proto $scheme;
>>>>
>>>>
>>>>       # Fix the "It appears that your reverse proxy set up is broken"
>>>> error.
>>>>       proxy_pass          http://127.0.0.1:9080;
>>>>       proxy_read_timeout  90;
>>>>
>>>>       proxy_redirect      http://127.0.0.1:9080
>>>> http://www.ci1.altlifelab.com;
>>>>
>>>>       # Required for new HTTP-based CLI
>>>>       proxy_http_version 1.1;
>>>>       proxy_request_buffering off;
>>>>       # workaround for
>>>> https://issues.jenkins-ci1.org/browse/JENKINS-45651
>>>>       add_header 'X-SSH-Endpoint' 'ci1.altlifelab.com:50022' always;
>>>>     }
>>>>
>>>>     listen 443 ssl; # managed by Certbot
>>>>     ssl_certificate /etc/letsencrypt/live/
>>>> ci1.altlifelab.com/fullchain.pem; # managed by Certbot
>>>>     ssl_certificate_key /etc/letsencrypt/live/
>>>> ci1.altlifelab.com/privkey.pem; # managed by Certbot
>>>>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by
>>>> Certbot
>>>>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>>>>
>>>>
>>>> }
>>>>
>>>> server {
>>>>     if ($host = ci1.altlifelab.com) {
>>>> #        return 301 https://$host$request_uri;
>>>> return 301
>>>> https://myapps.microsoft.com/signin/ci2/a825dd26-fed2-4423-ae69-6a7d457b4b44?tenantId=eb9970cc-4803-4f6a-9ad2-e9b46042c5fd
>>>> ;
>>>>     } # managed by Certbot
>>>>
>>>>
>>>>     listen 80;
>>>> server_name ci1.altlifelab.com;
>>>> return 301
>>>> https://myapps.microsoft.com/signin/ci2/a825dd26-fed2-4423-ae69-6a7d457b4b44?tenantId=eb9970cc-4803-4f6a-9ad2-e9b46042c5fd;
>>>>
>>>> }
>>>>
>>>> On Thu, Nov 26, 2020 at 5:04 AM HARISH KUMAR Ivaturi <
>>>> harishkumarivaturi at gmail.com> wrote:
>>>>
>>>>> I am not sure if you have configured nginx with https_module. Once try
>>>>> that. And also add proper headers in the nginx.conf like
>>>>>
>>>>> Listen 443 ssl;
>>>>> Certificates location
>>>>>
>>>>> BR
>>>>> Harish Kumar
>>>>>
>>>>> On Wed 25 Nov, 2020, 3:53 PM Pavan P, <pavan45 at gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>> I have configured nginx to authenticate with azure AD for login.
>>>>>>
>>>>>> When I access the site abc.example.com it redirects to Azure for
>>>>>> authentication and redirects me back once the authentication is complete.
>>>>>>
>>>>>> How ever when I try to access the site with https abc.example.com it
>>>>>> does not redirect for authentication.
>>>>>>
>>>>>> Is there anyway I can get both http and https to redirect for azure
>>>>>> auth.
>>>>>>
>>>>>> Regards,
>>>>>> Pavan
>>>>>>
>>>>>> _______________________________________________
>>>>>> nginx-devel mailing list
>>>>>> nginx-devel at nginx.org
>>>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>>>>
>>>>> _______________________________________________
>>>>> nginx-devel mailing list
>>>>> nginx-devel at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>>>
>>>> _______________________________________________
>>>> nginx-devel mailing list
>>>> nginx-devel at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>>
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201126/b629b41a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMG_20201126_064826.jpg
Type: image/jpeg
Size: 66314 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201126/b629b41a/attachment-0001.jpg>


More information about the nginx-devel mailing list