user with ssl-proxy, nginx problem

[Igor Sysoev]

On Thu, Feb 21, 2008 at 08:30:01AM +0100, G?bor Farkas wrote:

> i'm facing a strange problem here, maybe someone had
> experience with this before...
> 
> i have an nginx server, which server some files using HTTPS,
> and http-basic-auth.
> 
> because nginx had ssl-problems in the past, in the past we had this config:
> 
> - we had an apache server, listening on port 443, that got the requests,
> did the ssl-handling, and then proxied the request to nginx. so nginx 
> did not do any SSL-stuff.
> - and everything worked fine.
> 
> but now we switched to an nginx-only solution, and starting to have 
> problems with one user, who uses a https proxy.
> 
> in the past, for him the file-download worked this way:
> 
> - the java app requested the file, got a HTTP 401 (Unauthorized) response
> - so the java app requested the file again, but now it sent the 
> necessary username/password, and got the file (and a HTTP 200)
> - and all was ok
> 
> after we switched to the nginx-only solution, this is what happens:
> 
> - the java app requests the file, gets a http 400 (not 401)
> - so the java app retries, and gets the http 400 again
> - this happens 5 times, and then the java app gives up
> 
> in the nginx access log, i see 5 http 401 (Unauthorized) accesses, and i 
> see that the client did not send the username/password.
> 
> 
> also, an additional detail:
> 
> using a web-browser, the user is able to download from the server fine, 
> even when using the https proxy.
> 
> with this info, i would usually blame the java-app, but the strange 
> thing is, that in the past with the apache+nginx config, it worked fine.
> 
> i tried to migrate every setting from the apache-server to the nginx-server,
> even the ssl_cipher settings, but it did not help.

I need a debug log. You may send it privately.
Note, that username/password in log is in plain text encoded by base64,
so choose some dummy values.


-- 
Igor Sysoev
http://sysoev.ru/en/