openstack swift as a cache proxy for nginx, swift proxy report 401 error when authenticate

AmyAmy nginx-forum at forum.nginx.org
Wed Mar 2 03:19:41 UTC 2016


hello, everybody.

I am trying to find a way to use Openstack swift to cache static file for a
web server such as nginx, the below are request step:
1.	 nginx is configured as a load balance proxy server and web server. 
2.	 There are several swift , suppose there are 2, that is swift-A,swift-B
,swift-A is control node,and swift-B is storage node
3.	 client send a request to nginx for url: http://domain.com/filename.txt
4.	 nginx received the request and it is a cache miss, it need to fetch the
content from SWIFT proxy server,
5.	 nginx send a request to swift proxy server for authentication, the url
looks like http://swift-proxy/auth-account, account information is set in
header, the response from swift proxy server contains a auth-token for that
account if authentication success.
6.	 then nginx use this auth-token and put it in a new request header, and
send the new request to the swift proxy server for the original request
content, there could be a map between client request url to the swift proxy
url, for example, /filename.txt --> /account/container/filename.txt, so the
new request url could be
http://swift-proxy/account/container/filename.txt,plus the auth-token.
7.	 swift proxy server response the content to nginx, then nginx cache the
content and pass the response to the client.



I have search for the answer on the internet, and referent this solution:
https://forum.nginx.org/read.php?2,250458,250463#msg-250463

Then ,I change my nginx configuration like this:


    
server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
            auth_request /auth/v1.0;
        }
        location /auth/v1.0 {
                proxy_pass      http://192.168.1.1:8080;
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                proxy_set_header X-Original-URI $request_uri;
        }
}



Port 80 is for nginx,port 8080 is for swift, both can work independently,
but after I change the configuration ,use chrome browser enter:10.67.
247.21,it just not working like what I expect, swift proxy return 401 error,
swift proxy logs report like this :



Mar  1 20:43:48 localhost journal: proxy-logging 192.168.1.1 192.168.1.1
01/Mar/2016/20/43/48 GET /auth/v1.0 HTTP/1.0 401 -
Mozilla/5.0%20%28Windows%20NT%206.1%3B%20WOW64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/28.0.1500.72%20Safari/537.36
- - 131 - txbfc24355780143568445c4ddf5d774e3 - 0.0003 -
Mar  1 20:43:48 localhost journal: tempauth - 192.168.1.1
01/Mar/2016/20/43/48 GET /auth/v1.0 HTTP/1.0 401 -
Mozilla/5.0%20%28Windows%20NT%206.1%3B%20WOW64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/28.0.1500.72%20Safari/537.36
- - - - txbfc24355780143568445c4ddf5d774e3 - 0.0007



I don’t know does it matter if I use a chrome browser to send request to
swift ,it looks like some unrecognized char are include in the request
header .while I use shell command to send request, it works fine, like this
:



[root at localhost ~]# curl -v -H 'X-Storage-User: service:swift' -H
'X-Storage-Pass:swift ' http://192.168.1.1:8080/auth/v1.0
*   Trying 192.168.1.1...
* Connected to 192.168.1.1 (192.168.1.1) port 8080 (#0)
> GET /auth/v1.0 HTTP/1.1
> Host: 192.168.1.1:8080
> User-Agent: curl/7.47.1
> Accept: */*
> X-Storage-User: service:swift
> X-Storage-Pass:swift 
> 
< HTTP/1.1 200 OK
< X-Storage-Url: http://192.168.1.1:8080/v1/AUTH_service
< X-Auth-Token: AUTH_tk4f2eaa45b35c47b4ab0b955710cce6da
< Content-Type: text/html; charset=UTF-8
< X-Storage-Token: AUTH_tk4f2eaa45b35c47b4ab0b955710cce6da
< Content-Length: 0
< X-Trans-Id: tx3b90f2a8a3284f52951cc80ca41f104a
< Date: Tue, 01 Mar 2016 21:10:50 GMT
< 
* Connection #0 to host 192.168.1.1 left intact





Below is my swift proxy-server.conf:



[DEFAULT]

bind_port = 8080
bind_ip = 192.168.1.1

workers = 1

user = swift

log_facility = LOG_LOCAL1

eventlet_debug = true

[pipeline:main]

pipeline = catch_errors healthcheck proxy-logging cache tempurl ratelimit
tempauth staticweb  proxy-logging proxy-server


[filter:catch_errors]

use = egg:swift#catch_errors
set log_name = cache_errors


[filter:healthcheck]

use = egg:swift#healthcheck
set log_name = healthcheck


[filter:proxy-logging]

use = egg:swift#proxy_logging
set log_name = proxy-logging

[filter:ratelimit]

use = egg:swift#ratelimit
set log_name = ratelimit


[filter:crossdomain]

use = egg:swift#crossdomain
set log_name = crossdomain


[filter:tempurl]

use = egg:swift#tempurl
set log_name = tempurl


[filter:tempauth]
use = egg:swift#tempauth
set log_name = tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_service_swift = swift .admin

[filter:staticweb]

use = egg:swift#staticweb
set log_name = staticweb


[filter:cache]

use = egg:swift#memcache
set log_name = memcache


[app:proxy-server]

use = egg:swift#proxy
set log_name = proxy
allow_account_management = true

account_autocreate = true



I have no idea for the 401 error occurred and how to solve this question.Are
there some configuration error in my swift or nginx configuration file?


Thanks for your time,
Amy

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,264991,264991#msg-264991



More information about the nginx mailing list