couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: auth using Nginx as proxy
Date Tue, 05 May 2009 03:39:56 GMT
On Mon, May 4, 2009 at 8:03 PM, Nicholas Orr <nicholas.orr@zxgen.net> wrote:

> I don't see why I'd need to make the change in local.ini that is being
> suggested as I don't want any auth at all on couchdb. I did make the change
> to see what happens
>
> [httpd] bind_address = 209.x.76.x authentication_handler = {couch_httpd,
> null_authentication_handler}
>
> response I got was: {"error":"unknown_error","reason":"undef"}

This looks like you are using a version of CouchDB prior to the
addition of the null_authentication_handler.

null_authentication_handler is designed for use with nginx in this
configuration. the simplest option is to upgrade couchdb to latest
trunk.

if you can't do that for some reason you'll need to try something
else, like perhaps preventing nginx from forwarding the headers.

good luck!

>
> So that doesn't work anyway.
>
> Right now the only way I see being able to connect to 127.0.0.1:5984 is via
> a ssh tunnel - which works - however it is not ideal.
>
> You guys that claim to have nginx proxy to couchdb - are you then using a
> user/pass everywhere (in code running on localhost)? I don't want to do that
> and seems entirely possible. Must be more nginx params to specify to achieve
> it..
>
> Nick
>
> On Mon, Apr 13, 2009 at 9:37 AM, Samuel Wan <sam@samuelwan.com> wrote:
>
>> Thanks Jan, both of your suggestions work as described.
>>
>> In case anyone else is interested, I wasn't able to suppress the
>> authentication headers with either the Nginx directives
>> "set_hide_header Authorization" or "set_hide_header WWW-Authenticate".
>>
>> -Sam
>>
>> On Sun, Apr 12, 2009 at 3:32 AM, Jan Lehnardt <jan@apache.org> wrote:
>> > Hi,
>> >
>> > I think nginx passes on auth headers and the default auth handler
>> > in CouchDB then tries to verify it which it can't because you don't
>> > have any admins. What works, I think, to have the same username
>> > and password combinations for CouchDB and the upstream proxy.
>> >
>> > If that's no feasible, I committed the `null_authentication_handler`
>> > that just accepts everybody.
>> >
>> > in your `local.ini` set:
>> >
>> > [httpd]
>> > authentication_handler = {couch_httpd, null_authentication_handler}
>> >
>> > Note that this is available only in trunk since r762574
>> >
>> > Cheers
>> > Jan
>> > --
>> >
>> >
>> > On 12 Apr 2009, at 07:29, Samuel Wan wrote:
>> >
>> >> I have also set up nginx as a reverse proxy to couchdb, and also
>> >> encountered the second login prompt mentioned by Alex Rudyk in his
>> >> email quoted below. The second authentication prompt looks like this:
>> >>
>> >>      A username and password are being requested by http://<ip
>> >> address>. The site says: "administrator"
>> >>
>> >> I've confirmed that the proxy works without the auth turned on (except
>> >> for the known couch.js subdirectory URL issue). I've also confirmed
>> >> that the default.ini and couchdb.ini files don't have admin
>> >> username/passwords activated.
>> >>
>> >> Here is my nginx configuration.
>> >>
>> >>       location /couchdb {
>> >>               rewrite /couchdb/(.*) /$1 break;
>> >>               proxy_pass http://localhost:5984;
>> >>               proxy_redirect     off;
>> >>               proxy_set_header   Host             $host;
>> >>               proxy_set_header   X-Real-IP        $remote_addr;
>> >>               proxy_set_header   X-Forwarded-For
>> >>  $proxy_add_x_forwarded_fo$
>> >>               auth_basic "Restricted";
>> >>               auth_basic_user_file htpasswd;
>> >>       }
>> >>
>> >> Does the auth_basic directive pass along some kind of authentication
>> >> request to the proxied CouchDB server? It seems that the CouchDB
>> >> authentication is getting triggered even though I haven't modified the
>> >> local.ini or default.ini files.
>> >>
>> >> -Sam
>> >>
>> >> ---------------------
>> >> From    "Alex Rudyk" <alex.ru...@gmail.com>
>> >> Subject Basic auth using Nginx as proxy
>> >> Date    Mon, 12 Jan 2009 03:13:06 GMT
>> >>
>> >> I am trying to setup basic auth for couchdb that is proxied by Nginx.
>> >> I setuped nginx proxy and it works very well but when I am adding basic
>> >> auth
>> >> for nginx it pass Nginx basic auth module, but browser show "enter user
>> >> name
>> >> and password" dialog once again with real "administrator" that I think
>> is
>> >> goes from couchdb new default_authentication_handler. My nginx realm
>> name
>> >> is
>> >> "Restricted".
>> >> Here is nginx config file:
>> >>
>> >> server {
>> >>     listen        8088;
>> >>   server_name   couchdb;
>> >>     location / {
>> >>       proxy_pass http://127.0.0.1:5984;
>> >>               proxy_redirect off;
>> >>               proxy_set_header   Port             $proxy_port;
>> >>               proxy_set_header   X-Real-IP        $remote_addr;
>> >>               proxy_set_header   X-Forwarded-For
>> >> $proxy_add_x_forwarded_for;
>> >>
>> >>       auth_basic            "Restricted";
>> >>               auth_basic_user_file  htpasswd;
>> >>
>> >>       }
>> >> }
>> >>
>> >> Does any body have some ideas how to fix this?
>> >>
>> >
>> >
>>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message