After adding auth_request to my nginx server I started getting 500 error for that location. I also noticed that the auth server never gets the auth request. It’s like it’s not being sent at all.
Here’s my config:
server {
# No SSL Configuration
listen 80;
listen [::]:80;
# SSL configuration
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/xxx.com.pem;
ssl_certificate_key /etc/ssl/private/xxx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name xxx.xxx.com;
location /default/ {
# HEADERS CONFIGURATION
add_header 'Cache-Control' 'no-cache';
add_header 'Access-Control-Allow-Origin' '*';
# SECURE_LINK CONFIGURATION
secure_link $arg_h,$arg_e;
secure_link_md5 "PASSWORD$arg_e$uri";
# SECURE_LINK VERIFICATIONS
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 403;
}
# AUTH_REQUEST MODULE
auth_request /auth;
auth_request_set $auth_status $upstream_status;
#root /var/www/html;
}
location = /auth {
internal;
proxy_pass https://yyy.xxx.com/verify/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
nginx version: 1.19.8
UPDATE
After a lot of testing I noticed that auth_request works fine if I proxy_pass to a localhost server or to external server’s ip. But if I use the external server’s domain name it won’t work.
I am able to proxy_pass (without auth_request) another location to my external server by using it’s domain name. But inside the auth_request’s /auth location it won’t work with domain name.
Any ideas what wrong in my config and why the auth_request isn’t working with domain name?
2
Answers
I finally managed to find the problem. The problem was not caused by the domain name or anything else. It was caused by ssl. I'm using cloudflare for my domain and in cloudflare I'm redirecting all http requests to https.
Turns out that for some reason auth_request's proxy_pass is notworking with ssl.
So what I ended up doing is the following:
This way the auth request is sent to an http server and it works fine.
I know this is a workaround and not an actual solution to the problem, so I'll be happy to see more answers suggesting ways to make the auth_request work with an ssl protected auth server.
I’m having similar issues on nginx 1.19.6. In some other threads, I have been seeing people adding a host header: