Authentication fails depending on FQDN entered by end user
December 18, 2017 05:31AM
See the attached picture for the topology, with an nginx reverse proxy (FQDN proxy.com) for a server with FQDN endpoint.com.
Between the internet and the LAN is a router forwarding all traffic on port 443 to proxy.com.

Internet DNS records for proxy.com and endpoint.com point to the firewall's external IP.
LAN DNS records for proxy.com and endpoint.com point to local IP addresses of these hosts.

When the user enters proxy.com, he is proxied to endpoint.com; he gets the login screen of endpoint.com, but authentication fails.
When the user enters endpoint.com, he is proxied to endpoint.com; he gets the login screen of endpoint.com, and authentication succeeds.

Why is authentication failing when proxy.com is used in the end user's browser?

Here is the nginx config for the proxy:

proxy_pass https://endpoint.com;

more_set_input_headers 'Authorization: $http_authorization';
proxy_set_header Accept-Encoding "";

proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Url-Scheme $scheme;
proxy_redirect off;
proxy_max_temp_file_size 0;
Attachments: nginx_1.jpg (114.3 KB)
[SOLVED] Re: Authentication fails depending on FQDN entered by end user
December 19, 2017 06:01AM
Upstream SUSE server showed this line in the logs:
"No issuer certificate for certificate in certification path found".

This was solved by entering the full chain of certificates (root, intermediate, server) into the crt file that the proxy presents to the upstream server to identify itself.
The server directive line in nginx:

proxy_ssl_certificate /etc/nginx/ssl/public.crt;
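
A pre-deployment check for the bundle described in the fix above, as an added example that is not part of the original post: it reads a PEM file like the one given to proxy_ssl_certificate and reports a missing issuer chain, a bundle that does not start with the proxy's own certificate, or a gap between certificates. The function names are hypothetical, the sample certificates are constructed DER skeletons, and it assumes the ordering nginx documents for ssl_certificate (own certificate first, then its issuers) also applies here; it compares raw issuer and subject names only and does not verify signatures.

```python
import base64, re
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def issuer_subject(der):
    """Raw DER Name bytes (issuer, subject) of one X.509 certificate."""
    start, _ = _tlv(der, 0)                             # outer Certificate SEQUENCE
    pos, end = _tlv(der, start)                         # tbsCertificate SEQUENCE
    fields = []
    while pos < end:                                    # collect top-level tbs fields
        _, nxt = _tlv(der, pos)
        fields.append(der[pos:nxt])
        pos = nxt
    if fields[0][0] == 0xA0:                            # drop optional [0] version
        fields.pop(0)
    return fields[2], fields[4]                         # serial, sigAlg, ISSUER, validity, SUBJECT

def check_bundle(pem):
    """Return findings for a PEM bundle; an empty list means leaf-first with no gaps."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem)]
    if not names:
        return ["no certificates found"]
    findings = []
    if len(names) == 1 and names[0][0] != names[0][1]:
        findings.append("only the end-entity certificate is present, issuer chain missing")
    if len(names) > 1 and names[0][0] == names[0][1]:
        findings.append("first certificate is self-issued, the proxy's own certificate must come first")
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            findings.append(f"certificate {i} is not issued by certificate {i + 1}")
    return findings

# Constructed sample: minimal DER skeletons (not real certificates) with only the parsed fields.
def _seq(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)   # short-form length only

def fake_cert(subject, issuer):
    name = lambda cn: _seq(0x30, _seq(0x0C, cn.encode()))
    tbs = _seq(0x30, _seq(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", _seq(0x30), name(issuer), _seq(0x30), name(subject))
    pem = base64.encodebytes(_seq(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + pem + b"-----END CERTIFICATE-----\n"
LEAF, INTER, ROOT = fake_cert("proxy.com", "Inter CA"), fake_cert("Inter CA", "Root CA"), fake_cert("Root CA", "Root CA")
```

To check a real file, pass its bytes to check_bundle, for example the contents of /etc/nginx/ssl/public.crt read in binary mode. Signature and expiry validation still need a full path check such as openssl verify.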