Setting headers with NGINX auth_request and oauth2

2019-03-09 03:18发布

I want to use the auth_request and oauth2_proxy to set a header upon a successful authentication request and then pass that through to the next proxy inline that will handle the actual request.

I've setup NGINX and the various proxies to do their thing, however I'm unsure how to set the header from the server (AUTH PROXY in diagram) that I'm using for the auth request such that that header is passed to the next server (BACKEND SERVER in diagram)

NGINX ---- auth request ----> AUTH PROXY
                                  |
  |     <---      201  <------  SUCCESS
  |
  ----> underlying request ----> BACKEND SERVER

My NGINX config looks like

server {                                                       
    listen                   9123;                             
    resolver                 10.3.0.2;                         
    resolver_timeout         30;                               

    location / {                                               
        auth_request      /_auth;                             
        proxy_set_header x-user $http_x_user;                
        proxy_pass       http://backend_server;                
    }                                                          

    location = /_auth {                                       
        internal;                                              
        proxy_pass https://auth;          
        proxy_pass_request_body off;                           
        proxy_set_header Content-Length "";                    
        proxy_set_header X-Original-URI $request_uri;
    }                                                                                                                             
}                                                              

When I make the actual request I see the following in the NGINX debug logs (this is part of the response from the auth server):

2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Content-Type: text/html; charset=utf-8"    
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Date: Mon, 14 Oct 2013 17:46:42 GMT"       
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Server: nginx/1.2.5"                       
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "Vary: Cookie"                     
2013/10/14 17:46:42 [debug] 31222#0: *4 http proxy header: "x-user: 1"

I want to take the x-user header and pass that through to the backend server.

I've tried various combinations in the location / block but none of them have worked yet. E.g.

  • proxy_set_header x-user $upstream_http_x_user;
  • proxy_set_header x-user $http_x_user;
  • proxy_set_header x-user $sent_http_x_user;
  • proxy_pass_header x-user

None of these seem to work. Any ideas how I can accomplish this task? Please note that it's the auth proxy that's setting the header that I want to pass to the backend server,

1条回答
等我变得足够好
2楼-- · 2019-03-09 04:06

Woop, figured it out. The correct NGINX config looks like this:

location / {                                               
    auth_request      /_auth;                             
    auth_request_set $user $upstream_http_x_user;       
    proxy_set_header x-user $user;                
    proxy_pass       http://backend_server;                
}                                                          

The issue is that you cannot assign the header directly into another header, you have to use auth_request_set to set the header into a variable and then assign that variable to a header.

查看更多
登录 后发表回答