Issue with NGINX as reverse proxy with basic auth in front of Apache with basic auth
ssaravalli
nginx-forum at nginx.us
Wed Aug 31 11:15:57 UTC 2011
Brane F. Gračnar Wrote:
-------------------------------------------------------
>
> You're removing Authorization request header
> before sending request to Apache
> server. That's why Apache cannot authenticate
> user.
>
> Comment-out the following line and try again:
>
> proxy_set_header Authorization "";
>
Hello Brane and thank you for your fast reply. I've commented the line
and restarted NGINX; now the behaviour is:
1) I log to NGINX url and I give username and password. From backend
Apache's access.log, with proxy_set_header Authorization ""; for
NGINX disabled, now I see a log like this:
Aug 31 13:07:42 intranet intranet: "<BACKEND IP>" "<MY IP>, <NGINX IP>"
"<NGINX USERNAME>" "[31/Aug/2011:13:07:42 +0200]" "GET / HTTP/1.0" "34"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1
(KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1"
And from Apache's error log I see:
[Wed Aug 31 13:07:42 2011] [warn] [client <BACKEND IP>] [2903] auth_ldap
authenticate: user <NGINX USER> authentication failed; URI / [User not
found][No such object]
So username and password for NGINX are forwarded also to Apache. These
errors where not displayed with the directive enabled.
---
2) I provide username and password for Apache's backend then from NGINX
error.log I receive this error:
2011/08/31 13:01:19 [error] 6541#0: *5 user "<BACKEND USER>" was not
found in "/etc/nginx/htpasswd", client: <my IP>, server: <NGINX IP>,
request: "GET / HTTP/1.1", host: "<NGINX IP>"
NGINX tries to find the <BACKEND USER> credentials provided into
/etc/nginx/htpasswd, insted of forward the request to the backend
server.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,214550,214554#msg-214554
More information about the nginx
mailing list