support digest authentication as reverse proxy

[jkldgoefgkljefogeg]

Support digest authentication to origin when used with proxy_pass

Currently nginx reverse proxy only supports basic authentication with proxy_set_header Authorization

[erikdubbelboer]

Have you tried setting:

proxy_set_header   Authorization $http_authorization;
proxy_pass_header  Authorization;

I don't have a setup to test this but I think it should work.

[jkldgoefgkljefogeg]

The goal is to use nginx reverse proxy to strip HTTP authentication requested by origin, so client does not need to perform HTTP authentication.

[erikdubbelboer]

You want nginx to fill in the correct Authorization header for the upstream? If so I'm afraid that isn't possible as digest authentication is different for each request. This works with proxy_set_header Authorization for basic auth because for basic auth the header is always the same.

[jkldgoefgkljefogeg]

Yeah basically have digest auth work in the opposite direction (nginx as auth client, reads credentials from local file and answer challenges from origin)

[erikdubbelboer]

I don't think that's ever possible with nginx. The problem is that it usually requires 2 requests for digest auth. One to get the server nonce as response and the next request with the correct Authorization header.