Brane F. Gračnar Wrote:
-------------------------------------------------------
>
> You're removing Authorization request header
> before sending request to Apache
> server. That's why Apache cannot authenticate
> user.
>
> Comment-out the following line and try again:
>
> proxy_set_header Authorization "";
>

Hello Brane and thank you for your fast reply. I've commented the line and restarted NGINX; now the behaviour is:

1) I log to NGINX url and I give username and password. From backend Apache's access.log, with proxy_set_header Authorization ""; for NGINX disabled, now I see a log like this:

Aug 31 13:07:42 intranet intranet: "<BACKEND IP>" "<MY IP>, <NGINX IP>" "<NGINX USERNAME>" "[31/Aug/2011:13:07:42 +0200]" "GET / HTTP/1.0" "34" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1"

And from Apache's error log I see:

[Wed Aug 31 13:07:42 2011] [warn] [client <BACKEND IP>] [2903] auth_ldap authenticate: user <NGINX USER> authentication failed; URI / [User not found][No such object]

So username and password for NGINX are forwarded also to Apache. These errors where not displayed with the directive enabled.

---

2) I provide username and password for Apache's backend then from NGINX error.log I receive this error:

2011/08/31 13:01:19 [error] 6541#0: *5 user "<BACKEND USER>" was not found in "/etc/nginx/htpasswd", client: <my IP>, server: <NGINX IP>, request: "GET / HTTP/1.1", host: "<NGINX IP>"

NGINX tries to find the <BACKEND USER> credentials provided into /etc/nginx/htpasswd, insted of forward the request to the backend server.