couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samuel Wan <...@samuelwan.com>
Subject Re: auth using Nginx as proxy
Date Sun, 12 Apr 2009 23:37:54 GMT
Thanks Jan, both of your suggestions work as described.

In case anyone else is interested, I wasn't able to suppress the
authentication headers with either the Nginx directives
"set_hide_header Authorization" or "set_hide_header WWW-Authenticate".

-Sam

On Sun, Apr 12, 2009 at 3:32 AM, Jan Lehnardt <jan@apache.org> wrote:
> Hi,
>
> I think nginx passes on auth headers and the default auth handler
> in CouchDB then tries to verify it which it can't because you don't
> have any admins. What works, I think, to have the same username
> and password combinations for CouchDB and the upstream proxy.
>
> If that's no feasible, I committed the `null_authentication_handler`
> that just accepts everybody.
>
> in your `local.ini` set:
>
> [httpd]
> authentication_handler = {couch_httpd, null_authentication_handler}
>
> Note that this is available only in trunk since r762574
>
> Cheers
> Jan
> --
>
>
> On 12 Apr 2009, at 07:29, Samuel Wan wrote:
>
>> I have also set up nginx as a reverse proxy to couchdb, and also
>> encountered the second login prompt mentioned by Alex Rudyk in his
>> email quoted below. The second authentication prompt looks like this:
>>
>>      A username and password are being requested by http://<ip
>> address>. The site says: "administrator"
>>
>> I've confirmed that the proxy works without the auth turned on (except
>> for the known couch.js subdirectory URL issue). I've also confirmed
>> that the default.ini and couchdb.ini files don't have admin
>> username/passwords activated.
>>
>> Here is my nginx configuration.
>>
>>       location /couchdb {
>>               rewrite /couchdb/(.*) /$1 break;
>>               proxy_pass http://localhost:5984;
>>               proxy_redirect     off;
>>               proxy_set_header   Host             $host;
>>               proxy_set_header   X-Real-IP        $remote_addr;
>>               proxy_set_header   X-Forwarded-For
>>  $proxy_add_x_forwarded_fo$
>>               auth_basic "Restricted";
>>               auth_basic_user_file htpasswd;
>>       }
>>
>> Does the auth_basic directive pass along some kind of authentication
>> request to the proxied CouchDB server? It seems that the CouchDB
>> authentication is getting triggered even though I haven't modified the
>> local.ini or default.ini files.
>>
>> -Sam
>>
>> ---------------------
>> From    "Alex Rudyk" <alex.ru...@gmail.com>
>> Subject Basic auth using Nginx as proxy
>> Date    Mon, 12 Jan 2009 03:13:06 GMT
>>
>> I am trying to setup basic auth for couchdb that is proxied by Nginx.
>> I setuped nginx proxy and it works very well but when I am adding basic
>> auth
>> for nginx it pass Nginx basic auth module, but browser show "enter user
>> name
>> and password" dialog once again with real "administrator" that I think is
>> goes from couchdb new default_authentication_handler. My nginx realm name
>> is
>> "Restricted".
>> Here is nginx config file:
>>
>> server {
>>     listen        8088;
>>   server_name   couchdb;
>>     location / {
>>       proxy_pass http://127.0.0.1:5984;
>>               proxy_redirect off;
>>               proxy_set_header   Port             $proxy_port;
>>               proxy_set_header   X-Real-IP        $remote_addr;
>>               proxy_set_header   X-Forwarded-For
>> $proxy_add_x_forwarded_for;
>>
>>       auth_basic            "Restricted";
>>               auth_basic_user_file  htpasswd;
>>
>>       }
>> }
>>
>> Does any body have some ideas how to fix this?
>>
>
>

Mime
View raw message