pass or write the username from Nginx into an app

Question

Hi I am an absolute beginer in Nginx! I use Nginx as a reverse proxy in front of a shiny server and recognised that Nginx writes two files html and log. In access.log I can see the usernames. The important part of my Nginx config file contains this part

http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/nginx_shiny_access.log;

    sendfile    on;
    keepalive_timeout 65;
    auth_ldap_cache_enabled on;
    auth_ldap_cache_expiration_time 10000;
    auth_ldap_cache_size 1000;

I can see the user names in logs/nginx_shiny_access.log because of $remote_user.

How can I get the user names in html file and just temporary because I need the user names in the application and I do not know how can I get them? Thank you in advance.

Hi, check this to see how to forward custom headers in nginx, https://serverfault.com/questions/391554/forward-custom-header-from-nginx-reverse-proxy and this shows you how to access it in shiny app, https://stackoverflow.com/questions/42442936/get-response-header-variable-in-shiny — kks21199, Nov 17 '21 at 22:05
It isn't a nginx job. `$remote_user` nginx variable contains user name supplied with the Basic authentication. It is a backend webapp who can check the `Authorization` HTTP header value and use it while generating an HTML document. — Ivan Shatsky, Nov 17 '21 at 22:10

score 2 · Accepted Answer · answered Dec 13 '21 at 23:35

In the case of reverse proxy, nginx.conf has generally the following structure:

http{ ...
...
   ldap_server MY_WEBSITE {
       url ...
        binddn ...;
        binddn_passwd ...;
        group_attribute member;
        group_attribute_is_dn on;
                           }
    server {
        listen 443 ssl http2;
        server_name  localhost *.example.com;
        ssl_certificate     /apps/my.cer;
        ssl_certificate_key /apps/my.key;
        proxy_max_temp_file_size 0;
        add_header xv-nginx-remote_user $remote_user;
           }
}

New is add_header xv-nginx-remote_user $remote_user;

Then, one can define a java script function in ui.R:

library(shinyjs)
library(shiny)
    
    shinyUI(fluidPage(
      
    useShinyjs(),  # Set up 
    tags$script('
        shinyjs.init = function() {
        var client = new XMLHttpRequest();
        client.open("GET", "" , true);
        client.send();
        return client.onreadystatechange = function() {
        var remote_user = client.getResponseHeader("xv-nginx-remote_user");
        Shiny.onInputChange("USERNAME", remote_user);}
        };
      '),
      
      verbatimTextOutput("USERNAME")
      
))

and one has to ask for members in LDAP-group in server.R

     if(Sys.info()["sysname"] == "Linux") {
        ldap.members <- paste("ldapsearch -LLL -x -h dcwi.org.com -b \"dc=org,dc=com\" -D \
"CN=",Sys.getenv("ldaptu"),",OU=...,DC=org,DC=com\" -w ",Sys.getenv("ldappwd"),"\"CN=....\" member")
        ....
      }

pass or write the username from Nginx into an app

1 Answers1