auth_request and auth_request_set confusion ...
Dale Gallagher
dale.gallagher at gmail.com
Mon Apr 22 10:23:59 UTC 2013
Hi
I'd appreciate it if someone could enlighten me as to why the following
isn't working as expected. I'm trying to make the proxying to php dynamic -
in other words, depending on the authenticated user, requests will be
proxied to that user's PHP socket.
Both the login and auth locations are proxied to a Perl Dancer app.
Here's the auth app's /auth route:
get '/auth' => sub {
if (session('user') && session('time')) {
my $time_now = time;
if ($time_now - session('time') < config->{'session_timeout'}) {
session 'time' => $time_now;
header 'X-Auth-User' => session('user');
status 'ok';
}
else {
header 'X-Error-Page' => '/login/session_expired';
status 'forbidden';
}
}
else {
header 'X-Error-Page' => '/login/not_authorised';
status 'forbidden';
}
};
nginx.conf snippet:
location /login {
expires -1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect http://$host https://$host;
}
location /auth {
internal;
expires -1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
proxy_pass_request_body off;
proxy_redirect http://$host https://$host;
proxy_set_header Content-Length "";
}
location /protected {
error_page 401 403 $error_page;
expires -1;
set $auth_user = 'none';
auth_request /auth;
auth_request_set $error_page $upstream_http_x_error_page;
auth_request_set $auth_user $upstream_http_x_auth_user;
location ~* \.php {
fastcgi_pass unix:/srv/web/$auth_user/sock/php-5.3.22.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param FILES_ROOT /srv/web/$auth_user/site;
include fastcgi_params;
}
}
The error_page works, when the Dancer app returns forbidden, but no matter
what I've tried to use the X-Auth_User header on the /auth app returning
200, I can't seem to coax nginx into passing it onto anything, be it a
rewrite, or the above listed \.php location stanza.
Any pointers would be appreciated.
Thanks
Dale
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130422/372bf010/attachment-0001.html>
More information about the nginx
mailing list