
After adding auth_request to my nginx server I started getting a 500 error for that location. I also noticed that the auth server never gets the auth request. It’s like it’s not being sent at all.

Here’s my config:

server {
        # No SSL Configuration
        listen 80;
        listen [::]:80;

        # SSL configuration
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/certs/xxx.com.pem;
        ssl_certificate_key /etc/ssl/private/xxx.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;


        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name xxx.xxx.com;

        location /default/ {
                # HEADERS CONFIGURATION

                add_header 'Cache-Control' 'no-cache';
                add_header 'Access-Control-Allow-Origin' '*';

                # SECURE_LINK CONFIGURATION

                secure_link $arg_h,$arg_e;
                secure_link_md5 "PASSWORD$arg_e$uri";

                # SECURE_LINK VERIFICATIONS

                if ($secure_link = "") {
                        return 403;
                }
                if ($secure_link = "0") {
                        return 403;
                }

                # AUTH_REQUEST MODULE

                auth_request /auth;
                auth_request_set $auth_status $upstream_status;

                #root /var/www/html;
        }

        location = /auth {
            internal;
            proxy_pass              https://yyy.xxx.com/verify/;
            proxy_pass_request_body off;
            proxy_set_header        Content-Length "";
            proxy_set_header        X-Original-URI $request_uri;
        }
}

nginx version: 1.19.8

UPDATE

After a lot of testing I noticed that auth_request works fine if I proxy_pass to a localhost server or to external server’s ip. But if I use the external server’s domain name it won’t work.

I am able to proxy_pass (without auth_request) another location to my external server by using its domain name. But inside the auth_request’s /auth location it won’t work with the domain name.

Any ideas what’s wrong in my config and why the auth_request isn’t working with the domain name?

2 Answers


  1. Chosen as BEST ANSWER

    I finally managed to find the problem. The problem was not caused by the domain name or anything else. It was caused by ssl. I'm using cloudflare for my domain and in cloudflare I'm redirecting all http requests to https.

    Turns out that for some reason auth_request's proxy_pass is not working with ssl.

    So what I ended up doing is the following:

    1. Disabled the http to https redirection in CloudFlare.
    2. I created a new subdomain "verify" for my auth server.
    3. In nginx config on my auth server I am redirecting all http traffic to https, except for the traffic to the verification subdomain.

    This way the auth request is sent to an http server and it works fine.

    I know this is a workaround and not an actual solution to the problem, so I'll be happy to see more answers suggesting ways to make the auth_request work with an ssl protected auth server.


  2. I’m having similar issues on nginx 1.19.6. In some other threads, I have been seeing people adding a host header:

    proxy_set_header        HOST "yyy.xxx.com";
    
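An added example, not from either poster and not tested against their servers: auth_request treats any subrequest status other than 2xx, 401 or 403 as an error and answers 500, so a failed TLS connection to the auth server surfaces as the 500 described in the question. The block below is the question's /auth location with nginx's upstream TLS settings made explicit instead of left at their defaults (no SNI sent, upstream certificate not verified). It assumes missing SNI is what breaks the HTTPS subrequest, which the page does not confirm, and the CA bundle path is an assumed Debian/Ubuntu location.

```nginx
# Added example: /auth subrequest to a TLS-protected auth server.
# Host names are the placeholders used in the question.

# As posted, the location relies on nginx defaults for upstream TLS:
#   proxy_ssl_server_name off;   -> no SNI in the ClientHello
#   proxy_ssl_verify      off;   -> upstream certificate is not checked
# An SNI-dependent front end (a CDN or a multi-certificate host) can then
# reject or misroute the handshake before the request reaches the auth app.

location = /auth {
    internal;

    proxy_pass              https://yyy.xxx.com/verify/;
    proxy_pass_request_body off;
    proxy_set_header        Content-Length "";
    proxy_set_header        X-Original-URI $request_uri;

    # nginx already defaults Host to $proxy_host; stated explicitly here,
    # as suggested in the second answer.
    proxy_set_header        Host yyy.xxx.com;

    # Upstream TLS
    proxy_ssl_server_name   on;             # send SNI (off by default)
    proxy_ssl_name          yyy.xxx.com;    # name used for SNI and for the certificate check
    proxy_ssl_protocols     TLSv1.2 TLSv1.3;

    # Authenticate the auth server, so an allow/deny decision cannot come
    # from whoever answers on that address.
    proxy_ssl_verify        on;             # off by default
    proxy_ssl_verify_depth  2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path
}
```

The front server's error log records the upstream failure behind each 500, which separates a handshake failure from a redirect or error status returned by the auth server itself.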