incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicholas Orr <nicholas....@zxgen.net>
Subject Re: auth using Nginx as proxy
Date Tue, 05 May 2009 05:37:41 GMT
Well that makes sense. I have a ebuild here for getting the trunk version
installed.Think I'll just wait for 0.10 and use ssh tunnels for now.

Thanks Chris :)

On Tue, May 5, 2009 at 1:39 PM, Chris Anderson <jchris@apache.org> wrote:

> On Mon, May 4, 2009 at 8:03 PM, Nicholas Orr <nicholas.orr@zxgen.net>
> wrote:
>
> > I don't see why I'd need to make the change in local.ini that is being
> > suggested as I don't want any auth at all on couchdb. I did make the
> change
> > to see what happens
> >
> > [httpd] bind_address = 209.x.76.x authentication_handler = {couch_httpd,
> > null_authentication_handler}
> >
> > response I got was: {"error":"unknown_error","reason":"undef"}
>
> This looks like you are using a version of CouchDB prior to the
> addition of the null_authentication_handler.
>
> null_authentication_handler is designed for use with nginx in this
> configuration. the simplest option is to upgrade couchdb to latest
> trunk.
>
> if you can't do that for some reason you'll need to try something
> else, like perhaps preventing nginx from forwarding the headers.
>
> good luck!
>
> >
> > So that doesn't work anyway.
> >
> > Right now the only way I see being able to connect to 127.0.0.1:5984 is
> via
> > a ssh tunnel - which works - however it is not ideal.
> >
> > You guys that claim to have nginx proxy to couchdb - are you then using a
> > user/pass everywhere (in code running on localhost)? I don't want to do
> that
> > and seems entirely possible. Must be more nginx params to specify to
> achieve
> > it..
> >
> > Nick
> >
> > On Mon, Apr 13, 2009 at 9:37 AM, Samuel Wan <sam@samuelwan.com> wrote:
> >
> >> Thanks Jan, both of your suggestions work as described.
> >>
> >> In case anyone else is interested, I wasn't able to suppress the
> >> authentication headers with either the Nginx directives
> >> "set_hide_header Authorization" or "set_hide_header WWW-Authenticate".
> >>
> >> -Sam
> >>
> >> On Sun, Apr 12, 2009 at 3:32 AM, Jan Lehnardt <jan@apache.org> wrote:
> >> > Hi,
> >> >
> >> > I think nginx passes on auth headers and the default auth handler
> >> > in CouchDB then tries to verify it which it can't because you don't
> >> > have any admins. What works, I think, to have the same username
> >> > and password combinations for CouchDB and the upstream proxy.
> >> >
> >> > If that's no feasible, I committed the `null_authentication_handler`
> >> > that just accepts everybody.
> >> >
> >> > in your `local.ini` set:
> >> >
> >> > [httpd]
> >> > authentication_handler = {couch_httpd, null_authentication_handler}
> >> >
> >> > Note that this is available only in trunk since r762574
> >> >
> >> > Cheers
> >> > Jan
> >> > --
> >> >
> >> >
> >> > On 12 Apr 2009, at 07:29, Samuel Wan wrote:
> >> >
> >> >> I have also set up nginx as a reverse proxy to couchdb, and also
> >> >> encountered the second login prompt mentioned by Alex Rudyk in his
> >> >> email quoted below. The second authentication prompt looks like this:
> >> >>
> >> >>      A username and password are being requested by http://<ip
> >> >> address>. The site says: "administrator"
> >> >>
> >> >> I've confirmed that the proxy works without the auth turned on
> (except
> >> >> for the known couch.js subdirectory URL issue). I've also confirmed
> >> >> that the default.ini and couchdb.ini files don't have admin
> >> >> username/passwords activated.
> >> >>
> >> >> Here is my nginx configuration.
> >> >>
> >> >>       location /couchdb {
> >> >>               rewrite /couchdb/(.*) /$1 break;
> >> >>               proxy_pass http://localhost:5984;
> >> >>               proxy_redirect     off;
> >> >>               proxy_set_header   Host             $host;
> >> >>               proxy_set_header   X-Real-IP        $remote_addr;
> >> >>               proxy_set_header   X-Forwarded-For
> >> >>  $proxy_add_x_forwarded_fo$
> >> >>               auth_basic "Restricted";
> >> >>               auth_basic_user_file htpasswd;
> >> >>       }
> >> >>
> >> >> Does the auth_basic directive pass along some kind of authentication
> >> >> request to the proxied CouchDB server? It seems that the CouchDB
> >> >> authentication is getting triggered even though I haven't modified
> the
> >> >> local.ini or default.ini files.
> >> >>
> >> >> -Sam
> >> >>
> >> >> ---------------------
> >> >> From    "Alex Rudyk" <alex.ru...@gmail.com>
> >> >> Subject Basic auth using Nginx as proxy
> >> >> Date    Mon, 12 Jan 2009 03:13:06 GMT
> >> >>
> >> >> I am trying to setup basic auth for couchdb that is proxied by Nginx.
> >> >> I setuped nginx proxy and it works very well but when I am adding
> basic
> >> >> auth
> >> >> for nginx it pass Nginx basic auth module, but browser show "enter
> user
> >> >> name
> >> >> and password" dialog once again with real "administrator" that I
> think
> >> is
> >> >> goes from couchdb new default_authentication_handler. My nginx realm
> >> name
> >> >> is
> >> >> "Restricted".
> >> >> Here is nginx config file:
> >> >>
> >> >> server {
> >> >>     listen        8088;
> >> >>   server_name   couchdb;
> >> >>     location / {
> >> >>       proxy_pass http://127.0.0.1:5984;
> >> >>               proxy_redirect off;
> >> >>               proxy_set_header   Port             $proxy_port;
> >> >>               proxy_set_header   X-Real-IP        $remote_addr;
> >> >>               proxy_set_header   X-Forwarded-For
> >> >> $proxy_add_x_forwarded_for;
> >> >>
> >> >>       auth_basic            "Restricted";
> >> >>               auth_basic_user_file  htpasswd;
> >> >>
> >> >>       }
> >> >> }
> >> >>
> >> >> Does any body have some ideas how to fix this?
> >> >>
> >> >
> >> >
> >>
> >
>
>
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message