Opened 4 years ago

Closed 4 years ago

#1074 closed defect (invalid)

proxy_set_header Authorization not working

Reported by: wolfgang.grim@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.6.x
Keywords: Authorization Cc:
uname -a: Linux raspberrypi 4.4.13-v7+ #894 SMP Mon Jun 13 13:13:27 BST 2016 armv7l GNU/Linux
nginx -V: nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-sYtngi/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/nginx-sYtngi/nginx-1.6.2/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-sYtngi/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/nginx-sYtngi/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/nginx-sYtngi/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module

Description

I try to pass an Authorization header to a backend proxy with the following configuration. Anyhow this does not work and in access.log the following error is reported:

192.168.80.145 - - [13/Sep/2016:22:18:15 +0200] "GET /cameraFrontHousePic/ HTTP/1.1" 401 186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"

The credentials I pass are created using:

echo "user:pass" | base64
server {
        listen         80;
        rewrite ^(.*) https://$host$1 permanent;
}


server {
    listen 443 ssl default_server;
    server_name wg.it.cx;

    ssl_certificate /home/pi/cert/fullchain1.pem;
    ssl_certificate_key /home/pi/cert/privkey1.pem;

    root /var/www/html;
    server_name example.g.local;
    index index.html index.htm;

    location / {
       try_files $uri $uri/ =404;
    }

    location /cameraFrontHousePic/ {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://10.0.0.221/;
      proxy_set_header Authorization "Basic dXNlcjpwYXNzCg==";
      proxy_pass_header Authorization;


    }

Change History (2)

comment:1 by wolfgang.grim@…, 4 years ago

I found the solution immediately after filing this ticket.

echo also prints a new line therefore the base64 encoding simply is wrong -.-

echo -n "user:pass" | base64

gives the correct hash which is dXNlcjpwYXNz

comment:2 by Maxim Dounin, 4 years ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.