NGINX auth_request is ignored

Question

I have the following in my nginx.conf:

location / {
    auth_request /auth;
    add_header Content-Type text/plain;
    return 200 'You are in!';
}

location = /auth {
    proxy_pass http://localhost:5021/auth;
    proxy_pass_request_body off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Authorization $http_authorization;
    proxy_pass_header Authorization;
}

Thus I would expect http://localhost:5021/auth (a Flask app) to be accessed upon trying to reach /. This does not happen, and using the nginx-debug binary and error_log /var/log/nginx/error.log debug; I never see any of the debug output that I expect to see (log for the request is available here). There are no errors, neither printed to the console nor any of nginx's log files. It seems like the auth_request line is just silently ignored.

Output of nginx-debug -V (it does contain --with-http_auth_request_module):

nginx version: nginx/1.15.8
built by gcc 6.4.0 (Alpine 6.4.0) 
built with OpenSSL 1.0.2q  20 Nov 2018
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --with-debug

Answer 1

return will unconditionally stop the processing and return the specified code to a client, you probably want to remove that.