I have the following test nginx configuration:
user nginx;
worker_processes auto;
error_log /dev/stderr debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stderr main;
sendfile on;
keepalive_timeout 65;
upstream content {
server 127.0.0.1:4001;
}
server {
listen 4000;
server_name test;
gzip off;
autoindex off;
location /test-auth {
add_header X-Test "testvalue";
return 200;
}
location /proxy {
add_header "X-Test1" "test1";
auth_request /test-auth;
auth_request_set $test $sent_http_x_test;
auth_request_set $test2 $upstream_status;
add_header X-Test $test;
add_header X-Test2 $test2;
proxy_pass http://content?test=$test&test2=$test2;
proxy_pass_request_body off;
}
}
server {
listen 4001;
add_header X-Test3 "test3";
return 200 "testt response $args";
}
}
I expect that requesting the /proxy
URL will return all test headers: X-Test
(header returned by the auth request), X-Test1
(just a sample), X-Test2
(value of the auth request HTTP status), X-Test3
(set by the content
downstream).
But in the reality, this request only returns X-Test1
and X-Test2
. I can not get any value (headers or return status) by the auth_request_set
directive. I tried both variants of variable names I found in google: $sent_http_x_test
and $upstream_http_x_test
but no luck. The $test
variable is always empty.
I saw the following official example: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ but the auth_request_set $test2 $upstream_status;
line also doesn't work and the $test2
variable is always empty.
What I'm doing wrong?
CodePudding user response:
The problem is that /test-auth
location has no upstream configured, you could try the configure below.
$upstream_http_x_test
is correct.
user nginx;
worker_processes auto;
error_log /dev/stderr debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stderr main;
sendfile on;
keepalive_timeout 65;
upstream content {
server 127.0.0.1:4001;
}
server {
listen 4000;
server_name test;
gzip off;
autoindex off;
location /real-auth {
add_header X-Test "testvalue";
return 200;
}
location /test-auth {
proxy_pass http://127.0.0.1:4000/real-auth;
}
location /proxy {
add_header "X-Test1" "test1";
auth_request /test-auth;
auth_request_set $test $upstream_http_x_test;
auth_request_set $test2 $upstream_status;
add_header X-Test $test;
add_header X-Test2 $test2;
proxy_pass http://content?test=$test&test2=$test2;
proxy_pass_request_body off;
}
}
server {
listen 4001;
add_header X-Test3 "test3";
return 200 "testt response $args";
}
}