Closed Howard-Chang closed 6 years ago
Take a look at auth_request_set: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request_set
On Thu, Jul 5, 2018 at 9:24 PM, Howard-Chang notifications@github.com wrote:
Hi, I want to extract username from the login form, and pass it through nginx. the nginx-ldap-auth-daemon.py, backend-sample-app.py, nginx-ldap-auth-daemon-ctl-rh.sh are default. nginx.conf:
error_log logs/error.log debug; events { worker_connections 10240; } http { proxy_cache_path cache/ keys_zone=auth_cache:10m; upstream backend { server 127.0.0.1:9000;
server 127.0.0.1:5601;
} log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; server { listen 8081; location / { auth_request /auth-proxy; error_page 401 =200 /login; **proxy_set_header X-PROXY-USER $username;** //how to get the username in nginx? #proxy_pass http://backend/; proxy_pass http://localhost:5601; } location /login { proxy_pass http://backend/login; proxy_set_header X-Target $request_uri; } location = /auth-proxy { internal; proxy_pass http://127.0.0.1:8888; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_cache auth_cache; proxy_cache_valid 200 10m; proxy_cache_key "$http_authorization$cookie_nginxauth"; proxy_set_header X-Ldap-URL "ldap://localhost:389"; proxy_set_header X-Ldap-BaseDN "dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindPass "xxxxxx"; proxy_set_header X-CookieName "nginxauth"; proxy_set_header Cookie nginxauth=$cookie_nginxauth; } }
}
thank you in advance!
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/nginxinc/nginx-ldap-auth/issues/47, or mute the thread https://github.com/notifications/unsubscribe-auth/ADUMj_JqtLghLHmkRO9tunX-BbkiDKLNks5uDuaRgaJpZM4VE3QN .
-- Faisal Memon Product Marketer Mobile: +1 (408) 425-5935 <//+1%20%28408%29%20425-5935> https://nginx.com https://www.linkedin.com/company/2962671 https://twitter.com/nginx https://www.facebook.com/nginxinc/
Hi @faisal-memon, thanks for your reply. I have researched for a long time, and still can't work. could you give me some hint : ) the form post field is "username". nginx.conf:
error_log logs/error.log debug;
events {
worker_connections 10240;
}
http {
proxy_cache_path cache/ keys_zone=auth_cache:10m;
upstream backend {
server 127.0.0.1:9000;
#server 127.0.0.1:5601;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 8081;
location / {
auth_request /auth-proxy;
error_page 401 =200 /login;
auth_request_set $user $upstream_http_x_user;// I am not sure is it correct? or how to modified it
proxy_set_header X-PROXY-USER $user;
#proxy_pass http://backend/;
proxy_pass http://localhost:5601;
}
location /login {
proxy_pass http://backend/login;
proxy_set_header X-Target $request_uri;
}
location = /auth-proxy {
internal;
proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_cache auth_cache;
proxy_cache_valid 200 10m;
proxy_cache_key "$http_authorization$cookie_nginxauth";
proxy_set_header X-Ldap-URL "ldap://localhost:389";
proxy_set_header X-Ldap-BaseDN "dc=xinhua,dc=org";
proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org";
proxy_set_header X-Ldap-BindPass "9ol./;p0";
proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
}
}
}
Is it passed as an arg?
On Fri, Jul 6, 2018 at 1:39 AM, Howard-Chang notifications@github.com wrote:
Hi @faisal-memon https://github.com/faisal-memon, thanks for your reply. I have researched for a long time, and still can't work. could you give me some hint : ) the form post field is "username". nginx.conf:
error_log logs/error.log debug; events { worker_connections 10240; } http { proxy_cache_path cache/ keys_zone=auth_cache:10m; upstream backend { server 127.0.0.1:9000;
server 127.0.0.1:5601;
} log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; server { listen 8081; location / { auth_request /auth-proxy; error_page 401 =200 /login; auth_request_set $user $upstream_http_x_user;// I am not sure is it correct? or how to modified it proxy_set_header X-PROXY-USER $user; #proxy_pass http://backend/; proxy_pass http://localhost:5601; } location /login { proxy_pass http://backend/login; proxy_set_header X-Target $request_uri; } location = /auth-proxy { internal; proxy_pass http://127.0.0.1:8888; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_cache auth_cache; proxy_cache_valid 200 10m; proxy_cache_key "$http_authorization$cookie_nginxauth"; proxy_set_header X-Ldap-URL "ldap://localhost:389"; proxy_set_header X-Ldap-BaseDN "dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindPass "9ol./;p0"; proxy_set_header X-CookieName "nginxauth"; proxy_set_header Cookie nginxauth=$cookie_nginxauth; } }
}
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nginxinc/nginx-ldap-auth/issues/47#issuecomment-402968113, or mute the thread https://github.com/notifications/unsubscribe-auth/ADUMj-skgBlZuA1MmvVaH1N5x5lGoutlks5uDyJCgaJpZM4VE3QN .
-- Faisal Memon Product Marketer Mobile: +1 (408) 425-5935 <//+1%20%28408%29%20425-5935> https://nginx.com https://www.linkedin.com/company/2962671 https://twitter.com/nginx https://www.facebook.com/nginxinc/
I solved the problem thx :)
Is there a way to get the user agents username, as in the name of the PC from nginx?
I solved the problem thx :)
How did you solve it?
This is how I solved it. I don't like it because it sends a header to the client with their username. Not sure how to prevent that yet.
location /chronograf {
auth_request /auth-2;
auth_request_set $user $upstream_http_x_organizr_user;
add_header X-USER $user;
proxy_pass $chronograf$request_uri;
}
log_format oauth '$host $remote_addr - $sent_http_x_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
@Howard-Chang how did you solve it? Can you brief it? I'm facing a similar situation for Nginx-LDAP authentication.
Also what should be provided in the nginx config for ? proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindPass "9ol./;p0";
Hi, I want to extract username from the login form, and pass it through nginx. the nginx-ldap-auth-daemon.py, backend-sample-app.py, nginx-ldap-auth-daemon-ctl-rh.sh are default. nginx.conf:
thank you in advance!