auth_request and auth_request_set confusion ...

Dale Gallagher dale.gallagher at gmail.com
Mon Apr 22 10:23:59 UTC 2013 

Hi

I'd appreciate it if someone could enlighten me as to why the following
isn't working as expected. I'm trying to make the proxying to php dynamic -
in other words, depending on the authenticated user, requests will be
proxied to that user's PHP socket.

Both the login and auth locations are proxied to a Perl Dancer app.

Here's the auth app's /auth route:

get '/auth' => sub {
    if (session('user') && session('time')) {
        my $time_now = time;
        if ($time_now - session('time') < config->{'session_timeout'}) {
            session 'time' => $time_now;
            header 'X-Auth-User' => session('user');
            status 'ok';
        }
        else {
            header 'X-Error-Page' => '/login/session_expired';
            status 'forbidden';
        }
    }
    else {
        header 'X-Error-Page' => '/login/not_authorised';
        status 'forbidden';
    }
};

nginx.conf snippet:

location /login {
    expires -1;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:3000;
    proxy_redirect http://$host https://$host;
}

location /auth {
    internal;
    expires -1;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:3001;
    proxy_pass_request_body off;
    proxy_redirect http://$host https://$host;
    proxy_set_header Content-Length "";
}

location /protected {
    error_page 401 403 $error_page;
    expires -1;
    set $auth_user = 'none';
    auth_request /auth;
    auth_request_set $error_page $upstream_http_x_error_page;
    auth_request_set $auth_user $upstream_http_x_auth_user;

    location ~* \.php {
      fastcgi_pass   unix:/srv/web/$auth_user/sock/php-5.3.22.sock;
      fastcgi_index  index.php;
      fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param  FILES_ROOT /srv/web/$auth_user/site;
      include        fastcgi_params;
    }
}

The error_page works, when the Dancer app returns forbidden, but no matter
what I've tried to use the X-Auth_User header on the /auth app returning
200, I can't seem to coax nginx into passing it onto anything, be it a
rewrite, or the above listed \.php location stanza.

Any pointers would be appreciated.

Thanks
Dale
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130422/372bf010/attachment-0001.html>

More information about the nginx mailing list