
My curl request looks as follows:

curl --header "Authorization: Basic BASE_64" https://example.com --tlsv1 -k

(I need to explicitly provide TLS and skip verification)

and it works. I'd like to set up nginx to act as middleware and handle authentication for the remote server.

location / {
  proxy_pass                         {{ remote_server }};
  proxy_set_header Host              $host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Authorization     "Basic {{ base64_token }}";
}

Unfortunately, with these settings I got a 403 Forbidden. What am I doing differently than in the curl request?


My error.log shows:

2014/12/20 02:40:12 [error] 15676#0: *13 connect() failed (111: Connection refused) while connecting to upstream, client: MY_OWN_IP, server: _, request: "GET /MY_REQUESTED_ENDPOINT HTTP/1.1", upstream: "https://MY_REMOTE_UPSTREAM", host: "MY_SERVER_IP"
2014/12/20 02:40:24 [info] 15676#0: *15 client timed out (110: Connection timed out) while waiting for request, client: MY_OWN_IP, server: 0.0.0.0:80

The very important thing is that MY_UPSTREAM accepts connections only from MY_SERVER_IP; that's why I'm creating this middleware.

Kamil Lelonek
  • What are the contents of your error log for the requests made which fail? – BE77Y Dec 19 '14 at 16:00
  • Actually, there are no fail messages in the error log. – Kamil Lelonek Dec 19 '14 at 20:13
  • Given that you're seeing an access denied message, you should at least see that mirrored in the log - it might be a good idea to increase the logging verbosity while you troubleshoot, to debug mode – BE77Y Dec 19 '14 at 20:36

1 Answer

The final working configuration is

location / {
  proxy_pass                         {{ remote_server }};
  proxy_set_header Authorization     "Basic {{ base64_token }}";
}

We should pass neither $host (we want our middleware to be the host) nor $scheme (I don't use SSL on the middleware, while the upstream does).

Kamil Lelonek
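
An added example, not part of the original answer: the working location block placed in a full server block, with the curl flags from the question mapped to nginx directives. The upstream hostname, the token placeholder, the CA bundle path and the allowed client range are assumptions chosen for illustration.

```nginx
server {
    listen      80;
    server_name _;

    location / {
        # Every client that reaches this location is authenticated upstream
        # with the injected credential, so limit who can reach it.
        # 192.0.2.0/24 is a constructed documentation range (assumption).
        allow 192.0.2.0/24;
        deny  all;

        # Placeholder upstream; the page templates this as {{ remote_server }}.
        proxy_pass https://upstream.example.com;

        # No "proxy_set_header Host" here: nginx then sends its default,
        # "Host: $proxy_host", which is the host name taken from proxy_pass.

        # Replaces any Authorization header the client sent.
        # BASE64_PLACEHOLDER stands for base64("user:password").
        proxy_set_header Authorization "Basic BASE64_PLACEHOLDER";

        # curl's -k matches nginx's default (proxy_ssl_verify off): the
        # upstream certificate is not checked. To check it, trust the
        # upstream's CA explicitly (the path is an assumption).
        proxy_ssl_server_name         on;   # send SNI to the upstream
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/upstream-ca.pem;
    }
}
```

Because the token sits in the configuration file in recoverable form, the file should be readable only by the account that starts nginx.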