Nginx Reverse Proxy - End-to-End Basic Authentication

Question

Nginx Reverse Proxy - End-to-End Basic Authentication

I am trying to configure nginx as a rpoxy reverse server in front of several IIS web servers that authenticate using basic authentication.

(note - this is not the same as nginx providing auth using a password file - it should just be marshelling everythnig between browser / server)

The operating mode is disabled, but it constantly requests auth every resource (image / css, etc.) on the page.

upstream my_iis_server {
      server 192.168.1.10;
}

server {
    listen       1.1.1.1:80;
    server_name  www.example.com;  

    ## send request back to my iis server ##
    location / {
     proxy_pass  http://my_iis_server;
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_http_version      1.1;
     proxy_set_header        Connection "";
     proxy_pass_header       Authorization;     
     proxy_redirect off;
     proxy_buffering off;
     proxy_set_header        Host            $host;
     proxy_set_header        X-Real-IP       $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
   }
}

+5

iis reverse proxy nginx basic authentication

Ryan Feb 12 '13 at 18:55

source share

2 answers

nginx/1.10.3. , , nginx - - . , nginx .

. , , .

- . cookie , . , . .

, https http, :

proxy_pass http://$upstream;

:

proxy_pass https://$upstream;

0

Leonardo Fernandes 14 . '17 0:24

Matt · Accepted Answer · 2013-10-31T19:06:50+0000

This exact situation made me figure it out forever, but OSS, I suppose. This post is a year, so perhaps the original poster understood this or refused?

, , , :

IIS , , , Nginx, Nginx _ , , WWW- , IIS .
WWW-Authenticate, WWW-Authenticate: Negotiate. headers-more , .

Sharepoint 2010 Nginx.

stackoverflow.

server {
    listen 80;
    server_name your.site.com;

    location / {
            proxy_http_version      1.1;
            proxy_pass_request_headers on;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_pass_header      Authorization; //This didnt work for me
            more_set_input_headers  'Authorization: $http_authorization';

            proxy_set_header  Accept-Encoding  "";

            proxy_pass              https://sharepoint/;
            proxy_redirect          default;
            #This is what worked for me, but you need the headers-more mod
            more_set_headers        -s 401 'WWW-Authenticate: Basic realm="intranet.example.com"';
    }
}

Nginx Reverse Proxy - End-to-End Basic Authentication

More articles: