Ngix reverse proxy pass authentication IIS

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Ngix reverse proxy pass authentication IIS

vergil
Hello,
I'm trying to set up a reverse proxy with NGNIX on a Ubuntu Server. The
upstream server is IIS configured with basic authentication working only as
https since it has a 301 redirection configured on it.
Here is my conf file
server {

listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name fweb.biz;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass https://192.168.99.14;
proxy_read_timeout 90;
proxy_redirect https://192.168.99.14 https://fweb.biz;
}
}

I'm redirect to the upstream server and asked for credential but nothing
happens. Looks like the credential are not pass to the upstream server.
Please can somebody help me.
Thanks

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288000,288000#msg-288000

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Ngix reverse proxy pass authentication IIS

Francis Daly
On Mon, May 11, 2020 at 06:36:10PM -0400, evulcu wrote:

Hi there,

> I'm trying to set up a reverse proxy with NGNIX on a Ubuntu Server. The
> upstream server is IIS configured with basic authentication working only as
> https since it has a 301 redirection configured on it.

what does

  curl -ik https://192.168.99.14

return? Assuming it is a http 401, then most interesting is the next word
after "WWW-Authenticate:". If it is not "Basic", then your upstream is
not configured the way that you think it is. (And that will block it from
working through stock-nginx.)

> I'm redirect to the upstream server and asked for credential but nothing
> happens. Looks like the credential are not pass to the upstream server.
> Please can somebody help me.

If the above does not show the fix, then:

* what request do you make?
* what response do you want?
* what response do you get instead?

Possibly there will be something interesting in the IIS server logs too.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx