auth_request and auth_request_set confusion ...
Maxim Dounin
mdounin at mdounin.ru
Mon Apr 22 21:02:21 UTC 2013
Hello!
On Mon, Apr 22, 2013 at 12:23:59PM +0200, Dale Gallagher wrote:
> Hi
>
> I'd appreciate it if someone could enlighten me as to why the following
> isn't working as expected. I'm trying to make the proxying to php dynamic -
> in other words, depending on the authenticated user, requests will be
> proxied to that user's PHP socket.
>
> Both the login and auth locations are proxied to a Perl Dancer app.
>
> Here's the auth app's /auth route:
>
> get '/auth' => sub {
> if (session('user') && session('time')) {
> my $time_now = time;
> if ($time_now - session('time') < config->{'session_timeout'}) {
> session 'time' => $time_now;
> header 'X-Auth-User' => session('user');
> status 'ok';
> }
> else {
> header 'X-Error-Page' => '/login/session_expired';
> status 'forbidden';
> }
> }
> else {
> header 'X-Error-Page' => '/login/not_authorised';
> status 'forbidden';
> }
> };
>
> nginx.conf snippet:
>
> location /login {
> expires -1;
> proxy_set_header Host $host;
> proxy_pass http://127.0.0.1:3000;
> proxy_redirect http://$host https://$host;
> }
>
> location /auth {
> internal;
> expires -1;
> proxy_set_header Host $host;
> proxy_pass http://127.0.0.1:3001;
> proxy_pass_request_body off;
> proxy_redirect http://$host https://$host;
> proxy_set_header Content-Length "";
> }
>
> location /protected {
> error_page 401 403 $error_page;
> expires -1;
> set $auth_user = 'none';
> auth_request /auth;
> auth_request_set $error_page $upstream_http_x_error_page;
> auth_request_set $auth_user $upstream_http_x_auth_user;
>
> location ~* \.php {
> fastcgi_pass unix:/srv/web/$auth_user/sock/php-5.3.22.sock;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> fastcgi_param FILES_ROOT /srv/web/$auth_user/site;
> include fastcgi_params;
> }
> }
>
> The error_page works, when the Dancer app returns forbidden, but no matter
> what I've tried to use the X-Auth_User header on the /auth app returning
> 200, I can't seem to coax nginx into passing it onto anything, be it a
> rewrite, or the above listed \.php location stanza.
>
> Any pointers would be appreciated.
Could you please show debug log?
See http://nginx.org/en/docs/debugging_log.html for more
information.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list