Previous Message Next Message
Forum List Message List New Topic Print View
Litichevskij Vova
February 23, 2017 12:04PM
Thank you, Francis, for your answer.
The question is more metaphysical, actually, —
why the module what declares that it "implements client authorization based on the result of a subrequest"
does not allow to use direct external URI as value for the address of this "sbrequest"; and the subrequest's
address occupies path of the protected resource.
Anyway, thank you!


> On Feb 22, 2017, at 10:14 PM, Francis Daly <francis@daoine.org> wrote:
>
> On Wed, Feb 22, 2017 at 03:55:48AM +0200, Litichevskij Vova wrote:
>
> Hi there,
>
>> Or in this way with named location:
>>
>> server {
>>
>> location / {
>> auth_request @auth;
>> proxy_pass http://protected.resource;
>> }
>>
>> location @auth {
>> proxy_pass http://external.url;
>> }
>> }
>> In this case the error is almost the same:
>>
>> 2017/02/22 03:13:25 [error] 25476#0: *34 open() "/usr/local/html@auth" failed (2: No such file or directory), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", subrequest: "@auth", host: "127.0.0.1"
>
> I would (naively?) have expected the named location to Just Work. But
> clearly it doesn't.
>
>> I know there is a way like this:
>>
>> server {
>>
>> location / {
>> auth_request /_auth_check;
>> proxy_pass http://protected.resource;
>> }
>>
>> location /_auth_check {
>> internal;
>> proxy_pass http://external.url;
>> }
>> }
>> But in this case the http://protected.resource can not use the /_auth_check path.
>
> You can instead use "location = /_auth_check" if you are happy to reserve
> exactly one url for internal use. (You'ld probably want to add a uri
> part to the hostname in the proxy_pass directive.)
>
> Or you could play games, and use a location which looks like it is a
> named location, but actually is not, and is just a location that is
> unlikely to be accessed directly, such as "location = @auth".
>
>> Is there a way to use an external URI as a parameter for the auth_request directive without overlapping the http://protected.resource routing?
>
> auth_request takes an argument which is a local uri.
>
>> It looks a little bit strange to look for the auth_request's URI through static files (/usr/local/html).
>
> It does whatever you configured nginx to do with that uri. (Apart from
> the "@named" piece, which I'm not sure about.)
>
> Cheers,
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

how can I use external URI with the auth_request module

Litichevskij Vova February 21, 2017 08:56PM

Re: how can I use external URI with the auth_request module

Francis Daly February 22, 2017 03:16PM

Re: how can I use external URI with the auth_request module

Litichevskij Vova February 23, 2017 12:04PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 176
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready