auth_request + php-fpm + POST request

Maxim Dounin mdounin at
Mon Apr 13 12:46:38 UTC 2015


On Sat, Apr 11, 2015 at 09:21:30AM -0400, Arno0x0x wrote:

> Hi,
> I'm using the auth_request module to enable custom (2fa) authentication to
> protect my whole website, no matter the various applications I host on this
> website. So the auth_request directive is set at the "server" level.
> The authentication subrequest works fine, except for client POST requests
> where the php auth script holds forever until I get a timeout in the nginx
> error.log :
> "*1 upstream timed out (110: Connection timed out) while reading response
> header from upstream"
> It took me a while guessing why, but my guess is, from the debug trace I
> created, that the PHP script sees both a "content-length" and "content-type"
> in the HTTP headers, but the request body is not being sent to the auth
> scripts (there's no need anyway, all I need is the cookies).
> I had to trick the config to make it work, and that's what I'm sharing here,
> but I'd like to know if there's a more "standard" way to deal with this.

The recommended way can be seen in the example configuration in the

    location = /auth {
        proxy_pass ...
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

Similar approach should work for fastcgi too, but you'll have 
to avoid sending the CONTENT_LENGTH fastcgi param instead of the 
Content-Length header.

Maxim Dounin

More information about the nginx mailing list