Menu
I'm really new to nginx and am having some trouble with auth_request.
With the following conf
server {
listen 80;
listen [::]:80;
root /var/www/html;
index index.php;
server_name www.test.com;
error_page 401 403 = @error401;
location @error401 {
return 302 http://login.test.com;
}
auth_request /auth;
location = /auth {
internal;
proxy_pass http://auth.test.com;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
if ($http_cookie ~* "sso_token=([^;]+)(?:;|$)") {
set $token "$1";
}
proxy_set_header X-SSO-TOKEN $token;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
When accessing http://www.test.com I am getting a 500 http status code.
And in the error log
auth request unexpected status: 302 while sending to client, client: 172.16.8.23, server: www.test.com, request: "GET / HTTP/1.1", host: "www.test.com"
At the moment http://auth.test.com just returns a 401 if X-SSO-TOKEN is missing, and 200 if it's there. It doesn't return a 302.
I think the proxy_pass itself is returning it's 302 to auth_request module, rather than following it and returning the last status code (if that makes sense?)
Looking at these docs http://nginx.org/en/docs/http/ngx_http_auth_request_module.html this should work, but I can't figure it out.
Any help or pointers would be appreciated.
Thanks
876
Found the issue!
This was a school boy error :(
I was running nginx in a VM, and only on my host machine had I added the /etc/hosts entries for the *.test.com domains. So the internal proxy_pass call were going to the real auth.test.com which was returning a 302. After adding the host entries in my VM, all worked fine.
128
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
