Nonstandard Response Headers
Eden Li
eden at mojiti.com
Mon Jan 21 07:34:18 MSK 2008
if i understand correctly, you need to terminate the "local backend"
request at nginx before passing back data to the client.
1. end user asks for protected content from nginx
2. nginx asks for auth token from "local backend"
3. nginx proxies the rest of the connection from (1) attaching the
auth token from (2) to the request.
you probably need more than nginx for this. you might be able to
shove step (2) into an embedded perl module, but most likely you'll
need to do this in an fcgi handler or somesuch.
On Jan 21, 2008 10:54 AM, Brendan Schwartz <bschwartz at tropist.com> wrote:
>
> On Jan 20, 2008 4:07 PM, Manlio Perillo <manlio_perillo at libero.it> wrote:
> > Brendan Schwartz ha scritto:
> >
> > > On Dec 29, 2007 5:48 PM, Evan Miller <emmiller at gmail.com> wrote:
> > >> Brendan Schwartz wrote:
> > >>> Is there a way to get Nginx to send nonstandard response headers (e.g.
> > >>> "User-Header"); it looks like they're being filtered.
> > >>>
> > >>> Thanks,
> > >>> Brendan
> > >> Check out the proxy_pass_header directive.
> > >>
> > >> http://wiki.codemongers.com/NginxHttpProxyModule#proxy_pass_header
> > >>
> > >> Evan
> > >>
> > >
> > > This doesn't seem to be working for me. Here's an example of what I'm
> > > trying to accomplish:
> > >
> > > I have a local backend that returns a response that includes
> > > X-Accel-Redirect, Authorization, and Some-Other-Header headers among
> > > others.
> > > And I have a /remote-proxy location whose job it is to proxy the
> > > X-Accel-Redirect to a remote server.
> > > See example configuration below.
> > >
> > > I would like the proxy-pass request to the remote server to include
> > > the Authorization and Some-Other-Header headers that were returned in
> > > the local backend upstream response.
> > >
> > > I've tried to use the proxy_pass_header directive, but haven't had
> > > much luck as my "custom" headers aren't being passed to the remote
> > > proxy server.
> > >
> > > Am I using these directives correctly? Is what I'm trying to do impossible?
> > >
> > > Thanks,
> > > Brendan
> > >
> > >
> > > ---------------------------------------------------------------------
> > > server {
> > >
> > > # standard config ...
> > >
> > > location /remote-proxy/ {
> > > internal;
> > >
> > > proxy_set_header X-Real-IP $remote_addr;
> > >
> > > # needed for HTTPS
> > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > > proxy_set_header Host remote.server.com;
> > > proxy_redirect false;
> > > proxy_max_temp_file_size 0;
> > >
> > > rewrite ^/remote-proxy/(.*)$ /$1 break;
> > > proxy_pass https://remote.server.com;
> >
> > Here, instead of using a rewrite, try with
> >
> > proxy_pass https://remote.server.com/remote-proxy/
> >
> >
> > > }
> > >
> > > location / {
> > >
> > > proxy_set_header X-Real-IP $remote_addr;
> > >
> > > # needed for HTTPS
> > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > > proxy_set_header Host $http_host;
> > > proxy_redirect false;
> > > proxy_max_temp_file_size 0;
> > >
> > > proxy_pass_header Authorization;
> > > proxy_pass_header Some-Other-Header;
> > >
> > > proxy_pass http://local_backend_upstream;
> > >
> > > }
> > > }
> > >
> >
> >
> > I'm not sure to understand what you are trying to do.
> > But try with:
> >
> > set $authorization upstream_http_authorization;
> > set $some_other upstream_http_some_other_header;
> >
> > in the / location
> >
> > and:
> >
> > proxy_set_header Authorization $authorization;
> > proxy_set_header Some-Other-Header $some_other;
> >
> > in the remote-proxy location
> >
> >
> > However I'm rather sure that this will not work :).
> >
> >
> > Manlio Perillo
> >
> >
>
> Manlio,
>
> Unfortunately this doesn't seem to work. "set $authorization
> upstream_http_authorization;" sets the $authorization variable to the
> string "upstream_http_authorization". If I change the line to "set
> $authorization $upstream_http_authorization;", it doesn't work either.
> I think that's because in Location / the Authorization header isn't
> set yet -- it's set by the local backend.
>
> I'm trying to use nginx as a proxy for a remote server. But in order
> to access the content on the remote server, I need to pass an
> Authorization header to it. The local backend is able to produce valid
> authorization tokens.
>
> So here's what I want to happen: the local backend produces an
> Authorization header which is then passed to the remote server
> backend. The remote server accepts the authorized request and returns
> the protect content to nginx which passes it on to the end user.
>
> Does this make sense?
>
> Thanks,
> Brendan
>
>
More information about the nginx
mailing list