Authentication of Apache+SVN server behind nginx reverse proxy

Question

I have an Apache2/svn server which runs behind an nginx reverse proxy. Basic authentication is done by nginx, so basically the Apache2 server behind the reverse proxy does not have to do any authentication stuff.

I have an entry for the user in the authorization config for svn mod_authz_svn:

[/]
* = r
test = rw

The user test can checkout but not commit.

I do not know how to provide the authenticated user from nginx to the apache2 server hosting the svn installation.

What I tried:

Set the Remote-User HTTP header in the nginx reverse proxy

proxy_set_header REMOTE_USER $remote_user;

Forward the authorization header

proxy_set_header Authorization $http_authorization;
proxy_pass_header  Authorization;

score 2 · Accepted Answer · answered Dec 14 '21 at 21:33

I have the same issue, and I got it solved by using the apache mod_authn_anon module.

Apache configuration:

LoadModule authn_anon_module /usr/lib/apache2/mod_authn_anon.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so

<Location /some/path/svn>
        DAV svn
        SVNPath /svn
        SVNReposName /some/path/svn

        # Authentication is performed by the reverse proxy, the username is
        # forwarded/set in the Remote-User header by the proxy.
        # Use anon authentication module, allowing anybody to access this path,
        # but registering the user in svn.
        AuthType Basic
        AuthName SVN
        AuthBasicProvider anon
        Anonymous "*"
        Require valid-user
</Location>

Nginx configuration:

 location /some/path/svn {
    proxy_set_header Host $host;
    proxy_pass http://svn/some/path/svn;
    proxy_set_header Remote-User $remote_user;
}

Authentication of Apache+SVN server behind nginx reverse proxy

1 Answers1