Client ip adress gets lost (nginx authentication via sub-request)

jko98 nginx-forum at forum.nginx.org
Wed Jul 17 11:33:52 UTC 2019


Hi!

I am using http-auth-request-module on a nginx proxy to authenticate against
another server. This other server's authentication mechanism evaluates the
requesting client ip adress for authentication purposes.

However, this server only receives the ip adress from the proxy server -
regardless from which client i access the proxied URL.

How can i pass the origin client ip adress via the proxy server on to the
"authentication server"?

Workflow illustration: https://i.stack.imgur.com/4wNSd.png


...
server {
   listen *:80;

   location /restricted {
          auth_request /auth;
       proxy_pass http://proxied-server/;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   }

   location /auth {
       internal;
       proxy_pass http://authentication-server/;
   }
}
...

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284877,284877#msg-284877



More information about the nginx mailing list