mod_auth_request + php5-fpm gives error 504 on POST requests, GET requests are okay

Maxim Dounin mdounin at mdounin.ru
Sun Feb 24 17:53:47 UTC 2013 

Hello!

On Sat, Feb 23, 2013 at 06:32:45PM -0500, refghbn wrote:

> Setup: php5-fpm listening on socket + nginx 1.2.6
> 
> Wanted to use mod_auth_request for www authentication. Works fine for GET
> requests, POST requests time out with error 504.

By "mod_auth_request" you mean auth request module, as available 
from http://mdounin.ru/hg/ngx_http_auth_request_module?

> Error log:
> 2013/02/24 00:13:03 [error] 24004#0: *13 auth request unexpected status: 504
> while sending to client, client: 80.187.106.XXX, server: xxx.net, request:
> "POST /test.php HTTP/1.1", host: "xxx.net", referrer:
> "https://xxx.net/test.php"
> 
> With GET, as stated, and when testing the subrequest script directly,
> everything works fine. Gives 201/401 header, empty body as it should.
> 
>           location ~ \.php$ {
>   
>                   root /var/www;
>  
>                   fastcgi_pass    unix:/var/run/php5-fpm.sock;
>                  fastcgi_index  index.php;
>                  fastcgi_intercept_errors on;
>                   error_page 404 /index.html;
>   
>                   fastcgi_param DOCUMENT_ROOT   /var/www;
>                   fastcgi_param SCRIPT_FILENAME
> /var/www$fastcgi_script_name;
>                   fastcgi_param PATH_TRANSLATED
> /var/www$fastcgi_script_name;
>   
>                  include /etc/nginx/fastcgi.conf;
>  
>                  auth_request /authenticator/www.php;
>          }
>  
>          location = /authenitcator/www.php {
>                  fastcgi_pass unix:/var/run/php5-fpm.sock;
>                  fastcgi_param SCRIPT_FILENAME
> /var/www$fastcgi_script_name;
>                  fastcgi_param PATH_TRANSLATED
> /var/www$fastcgi_script_name;
>          }
> 
> Does anyone have an idea?

You have a typo in location, "authenITcator" instead of 
"authenTIcator".  This results in "location ~ \.php$" being used 
for auth requests instead of dedicated one.  

In "location ~ \.php$" it doesn't work for POST requests but times 
out instead as auth request doesn't have request body (it's not 
yet read from a client), but there will be Content-Length header.  
This might confuse backend's code, and in general you should have 
something equivalent to the following line from README:

    proxy_set_header Content-Length "";

I.e. for fastcgi you should _not_ provide fastcgi_param 
CONTENT_LENGTH.

-- 
Maxim Dounin
http://nginx.com/support.html

More information about the nginx mailing list