NginX, Reverse Proxies and Basic Auth

So you’ve got NginX up and running, you’ve got it proxying to a remote location and all is well in the world. But then, you get asked to put basic auth on one of the sites.

No problem, you think. I’ll just create the htpasswd file and set up basic auth, it’s just two lines in nginx.conf, right?

auth_basic "Secure Area";
auth_basic_user_file .htpasswd;

But then you notice that you’re getting prompted multiple times. Hmm, what can this be? Every document you look at for NginX looks the same as your config, so what can be wrong?

The problem is that you’re reverse proxying. From what I’ve been able to figure out, NginX passes an authentication header to the proxy location and thus whatever you have at the other end (another webserver, Java servlet ... whatever) also thinks it needs to authenticate, so you get prompted again, and again, etc.

The astute amongst us might have noticed (if you use a browser that actually shows it) that the first prompt shows the text you passed NginX for the “Secure Area”, while on the second authentication this text is missing. This is because the first one comes from NginX and the second one is coming from your proxy destination.

Anyway, stop ranting Matt, we need the TL;DR version …

Ok just add this into your server definition in NginX:

proxy_set_header Authorization "";

and reload.
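
For context, here is the fix in a full server block. This is an added example, not config from the original post; the hostname, certificate paths, htpasswd path and upstream address are placeholders. It also covers one catch: NginX inherits proxy_set_header lines from the server level only when the location defines none of its own.

```nginx
# Added example. Hostname, file paths and upstream address are placeholders.
server {
    listen 443 ssl;                               # basic auth sends credentials base64-encoded, so serve it over TLS
    server_name app.example.com;                  # placeholder hostname

    ssl_certificate     /etc/nginx/tls/app.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.key;   # placeholder path

    # NginX itself checks the credentials for everything in this server block.
    auth_basic           "Secure Area";
    auth_basic_user_file /etc/nginx/.htpasswd;    # placeholder path

    # Server-level default: do not forward the client's credentials upstream.
    proxy_set_header Authorization "";

    location / {
        # No proxy_set_header here, so the server-level line above is inherited.
        proxy_pass http://127.0.0.1:8080;         # placeholder upstream
    }

    location /api/ {
        proxy_pass http://127.0.0.1:8081;         # placeholder upstream

        # This location sets its own headers, which switches off inheritance
        # of ALL server-level proxy_set_header lines. The Authorization
        # override has to be repeated, or the header is forwarded again.
        proxy_set_header Host $host;
        proxy_set_header Authorization "";
    }
}
```

Run nginx -t to check the syntax before reloading. Clearing the header also means the backend never receives the basic auth credentials.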
