Welcome! Log In Create A New Profile

Advanced

Can Nginx reverse read response headers from a subrequest authorization server

Posted by ganesh272 
Forum List Message List New Topic
ganesh272
Can Nginx reverse read response headers from a subrequest authorization server
July 28, 2020 01:18AM
Hello,


I'm trying to use Nginx as a reverse proxy that authorizes users in a subrequest through an authorization server (as mentioned in https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) and forward them to various protected servers.

I am looking for the best way to implement the forwarding to the various servers—my initial thoughts of going about it were

1. Add a new location block for each new server

A sample nginx conf gile for (1) looks like this:-
location / {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
proxy_pass https://myprivateserver.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location = /auth {
internal;
proxy_pass https://myauthorizationserver.com/test/auth;
proxy_set_header X-Original-URI $request_uri;
}

I would like to avoid adding a new location block for each server I spin up since that would require updating the conf file and reloading nginx each time. So my initial thoughts of going about it were:-

2. Get the server address to redirect to from the authorization server.

My sample nginx conf file looks like this:-
location / {
proxy_pass https://myauthorizationserver.com/test/auth;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

So I tried to get my authorization server to return a redirect address, I would either have issues reading its response (using auth_request directive) or get a plain Forbidden message (using proxy_pass straight to the myauthorizationserver).

Is there a way I can get nginx to read the request body or headers from myauthorizationserver and perform a proxy_pass to them?




Thanks,
Ganesh



Edited 1 time(s). Last edit at 07/28/2020 01:20AM by ganesh272.
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 184
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready