Issue with NGINX as reverse proxy with basic auth in front of Apache with basic auth

ssaravalli nginx-forum at nginx.us
Wed Aug 31 11:15:57 UTC 2011


Brane F. Gračnar Wrote:
-------------------------------------------------------
> 
> You're removing Authorization request header
> before sending request to Apache 
> server. That's why Apache cannot authenticate
> user.
> 
> Comment-out the following line and try again:
> 
> proxy_set_header       Authorization "";
> 

Hello Brane and thank you for your fast reply. I've commented the line
and restarted NGINX; now the behaviour is:

1) I log to NGINX url and I give username and password. From backend
Apache's access.log, with proxy_set_header       Authorization ""; for
NGINX disabled, now I see a log like this:

Aug 31 13:07:42 intranet intranet: "<BACKEND IP>" "<MY IP>, <NGINX IP>"
"<NGINX USERNAME>" "[31/Aug/2011:13:07:42 +0200]" "GET / HTTP/1.0" "34"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1
(KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1"

And from Apache's error log I see:

[Wed Aug 31 13:07:42 2011] [warn] [client <BACKEND IP>] [2903] auth_ldap
authenticate: user <NGINX USER> authentication failed; URI / [User not
found][No such object]

So username and password for NGINX are forwarded also to Apache. These
errors where not displayed with the directive enabled.

---

2) I provide username and password for Apache's backend then from NGINX
error.log I receive this error:

2011/08/31 13:01:19 [error] 6541#0: *5 user "<BACKEND USER>" was not
found in "/etc/nginx/htpasswd", client: <my IP>, server: <NGINX IP>,
request: "GET / HTTP/1.1", host: "<NGINX IP>"

NGINX tries to find the <BACKEND USER> credentials provided into
/etc/nginx/htpasswd, insted of forward the request to the backend
server.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,214550,214554#msg-214554



More information about the nginx mailing list