How to use nginx to proxy to a host requiring authentication?

Question

How can I setup an nginx proxy_pass directive that will also include HTTP Basic authentication information sent to the proxy host?

This is an example of the URL I need to proxy to:

http://username:password@192.168.0.5/export?uuid=1234567890

The end goal is to allow 1 server present files from another server (the one we're proxying to) without exposing the URI of the proxy server. I have this working 90% correct now from following the Nginx config found here:

http://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote/

I just need to add in the HTTP Basic authentication to send to the proxy server

score 77 · Answer 1 · edited Sep 29 '15 at 18:41

I did a writeup on this a while ago. See the details here:

http://shairosenfeld.blogspot.com/2011/03/authorization-header-in-nginx-for.html

For example:

 location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://6.6.6.6:80;
    proxy_set_header Authorization "Basic a2luZzppc25ha2Vk";
 }

"a2luZzppc25ha2Vk" is "king:isnaked" base64 encoded, so that would work for

http://king:isnaked@6.6.6.6

Feel free to check out blog post for more details.

score 27 · Accepted Answer · answered Feb 03 '11 at 21:53

27

I got this working with alvosu's answer but I had to enter the word "Basic" inside the quotation of the base64 string so it looked like this:

proxy_set_header Authorization "Basic dGVzdHN0cmluZw==";

answered Feb 03 '11 at 21:53

bwizzy

1,345

score 6 · Answer 3 · edited Jan 21 '22 at 14:22

6

Set

proxy_set_header Authorization "Basic USER_AND_PASS"

where USER_AND_PASS = base64(user:pass).

edited Jan 21 '22 at 14:22

Per Henrik Lausten

535

answered Feb 03 '11 at 18:01

alvosu

8,595

score 5 · Answer 4 · answered Jan 11 '19 at 22:58

Remove the authorization header that gets passed forwarded by nginx with proxy_set_header Authorization "";.

I configured nginx to do basic auth but the Authorization header was getting passed along in the proxy_pass directive and the receiving end couldn't handle the token.

# Basic Auth
auth_basic "Private Stuff";
auth_basic_user_file /etc/nginx/.htpasswd;

location /server {
    proxy_pass http://172.31.31.140:9090;
    proxy_set_header Authorization "";
}

(Specific to my case, this error was returned Reason: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

How to use nginx to proxy to a host requiring authentication?

4 Answers4

Linked