Opened 7 years ago

Closed 7 years ago

#406 closed defect (invalid)

Auth request module fails certain requests (http status 415)

Reported by: Morten Haraldsen Owned by:
Priority: minor Milestone:
Component: nginx-module Version:
Keywords: auth request Cc:
uname -a: 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.5.4
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-http_spdy_module --with-ipv6 --with-mail --with-mail_ssl_module --with-openssl=/build/buildd/nginx-1.5.4/debian/openssl-1.0.1e --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.5.4/debian/modules/headers-more-nginx-module --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-development-kit --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.5.4/debian/modules/lua-nginx-module-0.7.14rc2 --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-http-push --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-upload-progress --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-dav-ext-module --add-module=/build/buildd/nginx-1.5.4/debian/modules/nginx-cache-purge

Description

I'm trying to use the newly included sub request module for using Atlassian JIRA as the authoritative server for all web-access for developers.

    location /auth {
        proxy_pass http://build:8099/jira/rest/api/latest/issue/FOO-1000;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        more_set_headers -s 401 'WWW-Authenticate: Basic realm="Restricted"';
    }

    location /svn {
        auth_request /auth;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://svn; # Apache SVN server (Apache HTTPD)
        proxy_buffering off;
        proxy_store     off;
        proxy_connect_timeout 120;
        proxy_send_timeout    120;
        proxy_read_timeout    120;
    }
2013/09/04 09:41:04 [error] 61565#0: *9978 auth request unexpected status: 415 while sending to client, client: x.x.x.x, server: svn, request: "PUT /svn/... HTTP/1.1", host: "svn"

Change History (1)

comment:1 by Maxim Dounin, 7 years ago

Resolution: invalid
Status: newclosed

It's not auth request which fails with 415, it's your auth script which returns 415 for some reason. The only status codes auth request module expects from subrequests are 2xx, 401 and 403, see http://nginx.org/en/docs/http/ngx_http_auth_request_module.html.

Note: See TracTickets for help on using tickets.