I want to use the auth_request and oauth2_proxy to set a header upon a successful authentication request and then pass that through to the next proxy inline that will handle the actual request.
I've setup NGINX and the various proxies to do their thing, however I'm unsure how to set the header from the server (AUTH PROXY in diagram) that I'm using for the auth request such that that header is passed to the next server (BACKEND SERVER in diagram)
NGINX ---- auth request ----> AUTH PROXY
|
| <--- 201 <------ SUCCESS
|
----> underlying request ----> BACKEND SERVER
My NGINX config looks like
server {
listen 9123;
resolver 10.3.0.2;
resolver_timeout 30;
location / {
auth_request /_auth;
proxy_set_header x-user $http_x_user;
proxy_pass http://backend_server;
}
location = /_auth {
internal;
proxy_pass https://auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
}
When I make the actual request I see the following in the NGINX debug logs (this is part of the response from the auth server):
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Content-Type: text/html; charset=utf-8"
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Date: Mon, 14 Oct 2013 17:46:42 GMT"
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Server: nginx/1.2.5"
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Vary: Cookie"
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "x-user: 1"
I want to take the x-user
header and pass that through to the backend server.
I've tried various combinations in the location /
block but none of them have worked yet. E.g.
proxy_set_header x-user $upstream_http_x_user;
proxy_set_header x-user $http_x_user;
proxy_set_header x-user $sent_http_x_user;
proxy_pass_header x-user
None of these seem to work. Any ideas how I can accomplish this task? Please note that it's the auth proxy that's setting the header that I want to pass to the backend server,
Woop, figured it out. The correct NGINX config looks like this:
The issue is that you cannot assign the header directly into another header, you have to use
auth_request_set
to set the header into a variable and then assign that variable to a header.