id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 2198,Authorization from auth_request,B3r3n06@…,,"Hello, I got a situation that cant be explained. On 2 servers exactly the same, both are: - with Ubuntu 20.04.2LTS from scratch - NGinx 1.21.0 from apt after added your repo - Same PHP-FPM (7.4) configuration & modules - Same NGinx configs (main & auth server) - Same permissions/ownership at all levels (sock, config files etc). Despite this, one auth_request sent to the backoffice server (that updates the Authorization header) works but the other fails. FAILS means the Authorization header is changed at the back office auth site, but the master server does not receive the header updated, still keeping and sending the old one from client to the proxied server. I tried with more_set_headers as well, no change. The dump & configs details you have are EXACTLY the same on both servers, IP included... I faced this already once, but NGinx was 1.14. Once updated to 1.19.0, the issues was solved, so I consider it was a NGinx version issue. Here .21 (>.19) should be ok then... Thanks for your feedback Brgrds CALLING CONFIG: location /subdir { auth_request /auth; auth_request_set $auth_status $upstream_status; proxy_pass http://172.29.0.254:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection ""Upgrade""; proxy_set_header Host $host; } location = /auth { internal; proxy_pass http://localhost:8001; proxy_pass_request_body off; proxy_set_header Content-Length """"; proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; } ## Back office Authenticating site: server { listen 127.0.0.1:8001; server_name localhost; access_log /var/log/nginx/vigrid_auth-access.log; error_log /var/log/nginx/vigrid_auth-error.log; root /home/gns3/vigrid/www/auth; index vigrid-auth.php; # hide version server_tokens off; location ~ /\.ht { deny all; } location / { # cleaning location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { log_not_found off; } location ~ \.css { add_header Content-Type text/css; } location ~ \.js { add_header Content-Type application/x-javascript; } location ~ \.eot { add_header Content-Type application/vnd.ms-fontobject; } location ~ \.woff { add_header Content-Type font/woff; } location ~* \.(htm|html|php)$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index vigrid-auth.php; fastcgi_pass_header Authorization; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } location ~ ^/(images|javascript|js|css|flash|media|static|font)/ { expires 7d; } location ~ /\.ht { deny all; } try_files $uri $uri/ /vigrid-auth.php?$args; } } ",defect,closed,major,,nginx-core,,invalid,,,Linux vigrid-gns3 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.21.0 built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.21.0/debian/debuild-base/nginx-1.21.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'"