Basic authentication and reverse proxy
Maxim Dounin
mdounin at mdounin.ru
Thu Nov 20 22:56:47 MSK 2008
Hello!
On Thu, Nov 20, 2008 at 07:39:59PM +0000, John Moore wrote:
> I'm using nginx (0.5.32) as a reverse proxy for Tomcat, and it's working
> spectacularly well. There are some admin pages I want to protect,
> initially just with Basic authentication, and I think I've set it up
> right, but what I'm seeing puzzles me. Below is a simplified version of
> my nginx.conf:
>
> server {
> listen 80;
>
> location / {
> include /etc/nginx/proxy.conf;
> }
> location /viewServers.htm {
> auth_basic "Restricted";
> auth_basic_user_file /etc/nginx/users;
> include /etc/nginx/proxy.conf;
> }
>
> }
>
> Normally everything is proxied to the backend Tomcat server. What I want
> now is for the /viewServers.htm page to be protected. It prompts for the
> username and password and when these have been entered correctly, it
> forwards the request, but evidently makes some change to it which I
> can't work out, as it turns up at Tomcat as if it is just / (i.e.,
> without the viewServers.htm), even though it is displayed in the browser
> as /viewServers.htm (in the Tomcat access log, no such page is
> recorded). If I remove the whole location /viewServers.htm... block, I
> get a quite different (correct) page served.
>
> Have I set this up right? What do I need to do to have basic
> authentication working for a certain set of requests which nginx is to
> forward to a back end server?
Guess you used
proxy_pass http://your-backend/;
in your proxy.conf (note the trailing '/'). This will replace
part of the uri matched by location with '/'.
Correct solution is to use proxy_pass without path component, i.e.
proxy_pass http://your-backend;
See http://wiki.codemongers.com/NginxHttpProxyModule#proxy_pass
for details.
Maxim Dounin
More information about the nginx
mailing list