Menu
I am serving restricted downloads in rails using X-Accel-Redirect with nginx. To validate my downloads in client app, i am trying to send the checksum in the non standard HTTP header Content-MD5 to the X-Accel-Redirect request. But this is not working.
below the rails snippet used to do the redirection
headers['X-Accel-Redirect'] = '/download_public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip'
headers['X-Accel-Expires'] = 'max'
checksum = Digest::MD5.file(Rails.root.dirname.to_s+'/public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip').hexdigest
headers['Content-MD5'] = checksum
request.session_options[:skip] = true
render :nothing => true, :content_type => MIME::Types.type_for('.zip').first.content_type
This is the nginx section
location /download_public {
internal;
proxy_pass_header Content-MD5;
add_header Cache-Control "public, max-age=315360000";
add_header Content-Disposition "inline";
alias /var/www/sss/public;
}
This is not working apparently. I am not able to get the Content-MD5 header in my responses. Is there any way to pass my Content-MD5 header from rails?
I know there are ways to do that entirely in nginx, like compiling nginx with perl or lua and easily calculate the MD5 on the fly. But i dont want to do that.
Any help is much appreciated.
386
NGINX takes care of known frequently used headers (list of known headers_in). It parses it and stores in the handy place (direct pointer in headers_in ). If a known header may consist of more then one value (Cookies or Cache-Control for example.) NGINX could handle it with an array.
X-accel allows for internal redirection to a location determined by a header returned from a backend.
XSendfile¶The delivery of a static file which depends on an application header is known as the X-Sendfile feature. Lighttpd has this feature and there is a mod_xsendfile for Apache2. NGINX also has this feature, but implemented a little bit differently. In NGINX this feature is called X-Accel-Redirect .
The Nginx add_header directive allows you to define an arbitrary response header and value to be included in all response codes, which are equal to 200 , 201 , 204 , 206 , 301 , 302 , 303 , 304 , or 307 . This can be defined from within your nginx.
Use add_header Content-MD5 $upstream_http_content_md5;
Since X-Accel-Redirect causes internal redirect nginx will not send returned headers, but it will keep them in $upstream_http_... variables. So you could use them.
176
I've tried accepted answer and it doesn't work for me. But this works:
set $authorization "$upstream_http_authorization";
proxy_set_header Authorization $authorization; # Pass on secret from back end
(copy-pasted from this article https://clubhouse.io/developer-how-to/how-to-use-internal-redirects-in-nginx/)
It's interesting that it's important to extract variable. This does not work for me:
proxy_set_header Authorization "$upstream_http_authorization";
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
