Closed pablolop002 closed 7 years ago
Hi,
Can you include more of your location block please?
Here is a snippet from mine that is working how you desire:
```nginx
location /htpc {
    auth_request "off";
    proxy_pass https://127.0.0.1:8085;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```
Can you please confirm that you restarted nginx after making the config change?
Thanks,
My location block is:
```nginx
location /RPC2 {
    auth_request "off";
    include scgi_params;
    scgi_pass localhost:5000;
    scgi_param SCRIPT_NAME /RPC2;
    auth_basic "Restricted";
    auth_basic_user_file /path/to/.htpasswd;
}
```
Without `auth_basic` it works, but I need to secure the location.
Thanks for your response.
I've been able to recreate your issue. I'm looking to see if I can find a solution for you, but this may be a restriction with nginx or the auth_request module. For now, a quick solution would be to only include `auth_request` in the location blocks you want to protect with PlexAuth instead of having it in the main server block.
Here is an example (Note: this config is not complete and will not work):
```nginx
server {
    auth_request /auth/; #Remove this line.
    error_page 401 = @error401;

    location @error401 {
        add_header 'X-AfterAuth' 'test';
        add_header X-Original-URI $request_uri;
        if ($return != false) {
            rewrite ^ https://secure.domain.com?return=$return_host$return redirect;
        }
        return 302 https://secure.domain.com;
    }

    location /nzbget {
        ###############
        auth_request /auth/; #Put it in each location block instead.
        ###############
        proxy_pass http://127.0.0.1:6789;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
Hope this quick fix will help you out until a permanent solution can be found...
> I've been able to recreate your issue. I'm looking to see if I can find a solution for you, but this may be a restriction with nginx or the auth_request module.

Thank you for this.

> For now, a quick solution would be to only include auth_request in the location blocks you want to protect with PlexAuth instead of having it in the main server block.

About this solution, I don't have `auth_request` in the main server block. This is my server block config:
```nginx
server {
    listen 80;
    server_name domain.com;
    error_log /var/log/nginx/www.error.log info;
    access_log /var/log/nginx/www.access.log;
    root /usr/share/nginx/html/plexauth;
    index index.php;
    set $return $request_uri;
    set $return_host $host;

    error_page 401 = @error401;
    location @error401 {
        add_header 'X-AfterAuth' 'test';
        add_header X-Original-URI $request_uri;
        if ($return != false) {
            rewrite ^ http://domain.com?return=$return_host$return redirect;
        }
        return 302 http://domain.com;
    }

    error_page 403 = @error403;
    location @error403 {
        return 302 http://domain.com/ad.html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi.conf;
    }

    location /admin_auth/ {
        proxy_pass http://localhost:8087/auth/index.php?admin=true&uri=$return;
        proxy_pass_request_body off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Content-Length '0';
    }

    location /auth/ {
        proxy_pass http://localhost:8087/auth/;
        proxy_pass_request_body off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Content-Length '0';
    }

    location /content {
        auth_request /auth/;
        root /var/www/html/index.html;
    }

    location /admin_content {
        auth_request /admin_auth/;
        root /var/www/html/index.html;
    }

    location /RPC2 {
        auth_request "off";
        include scgi_params;
        scgi_pass 127.0.0.1:5000;
        scgi_param SCRIPT_NAME /RPC2;
    }
}
```
And the localhost server block:
```nginx
server {
    server_name localhost;
    listen 8087;
    error_log /var/log/nginx-auth-error.log info;
    root /usr/share/nginx/html/plexauth;
    index index.php index.html;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi.conf;
    }
}
```
Again, thank you so much.
Can you please try adding `satisfy any;` to the RPC2 location block?
```nginx
location /RPC2 {
    satisfy any;
    auth_basic "Restricted";
    auth_basic_user_file /path/to/file;
    auth_request "off";
    include scgi_params;
    scgi_pass 127.0.0.1:5000;
    scgi_param SCRIPT_NAME /RPC2;
}
```
> Can you please try adding `satisfy any;` to the RPC2 location block?
>
> ```nginx
> location /RPC2 {
>     satisfy any;
>     auth_basic "Restricted";
>     auth_basic_user_file /path/to/file;
>     auth_request "off";
>     include scgi_params;
>     scgi_pass 127.0.0.1:5000;
>     scgi_param SCRIPT_NAME /RPC2;
> }
> ```
This does not work :(
Okay, so I found the issue.
It seems to be a problem with `error_page 401 = @error401;`. If you comment that line out the config will work as you are expecting. However, it will not redirect unauthenticated users to the login screen for other situations. You may need to make some modifications for your specific setup for this to work as desired.
Just working out how you might go about this.
My suggestion would be to change PlexAuth to return a code other than 401. Then within nginx capture that code. I don't think there will be any other options with this one...
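The conflict identified above, as an added example that is not part of the thread and not PlexAuth's own configuration: nginx inherits `error_page` from the server level only when a location defines no `error_page` of its own, so declaring the 401 handler inside the `auth_request` locations rather than in the server block leaves the Basic-auth challenge on `/RPC2` untouched. Paths and names mirror the config posted in the thread; the layout itself is an assumption and has not been tested against PlexAuth.

```nginx
# Added example: scope the login redirect to the locations that use auth_request.
server {
    listen 80;
    server_name domain.com;
    set $return $request_uri;
    set $return_host $host;

    # Deliberately no server-level "error_page 401": /RPC2 would inherit it and
    # the 401 + WWW-Authenticate from auth_basic would be replaced by the 302.

    location @error401 {
        if ($return != false) {
            rewrite ^ http://domain.com?return=$return_host$return redirect;
        }
        return 302 http://domain.com;
    }

    location /auth/ {
        proxy_pass http://localhost:8087/auth/;
        proxy_pass_request_body off;
        proxy_set_header Host $host;
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Content-Length '0';
    }

    location /content {
        auth_request /auth/;
        error_page 401 = @error401;   # redirect only where auth_request decides
        root /var/www/html/index.html;
    }

    location /RPC2 {
        # No error_page at this level or above, so the client receives the
        # Basic-auth challenge and can retry with credentials.
        auth_request off;
        auth_basic "Restricted";
        auth_basic_user_file /path/to/.htpasswd;
        include scgi_params;
        scgi_pass 127.0.0.1:5000;
        scgi_param SCRIPT_NAME /RPC2;
    }
}
```

After a reload, an unauthenticated request to `/RPC2` should return 401 with a `WWW-Authenticate: Basic` header instead of a 302, while `/content` still redirects to the login page. Basic credentials are only base64-encoded, so this location should be served over TLS rather than the plain `listen 80` shown.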
I solve this with a 302 redirect and a subdomain.
I want to disable auth on a location (/RPC for rutorrent) and set auth basic but `auth_request off`, and `auth_request "off"`, doesn't work. I'm using your musimux implementation.