> On Mar 9, 2017, at 02:54, Dmitriy Pichugin via Mercurial > <[email protected]> wrote: > > Hi, > I’ve been struggling to use nginx as reverse proxy for SSL and authentication > with mercurial. > Problem was — mercurial does not accept REMOTE_USER which nginx passes after > authentication. > > My nginx config is: > > location / { > auth_basic "HG"; > auth_basic_user_file htpasswd; > proxy_pass http://127.0.0.1:8000; > proxy_redirect off; > proxy_buffering off; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Ssl on; > proxy_set_header Remote_User $remote_user; #### THIS is > for Remote_User which mercurial should check > proxy_set_header X-Forwarded-User $remote_user;
How are you running Mercurial? As a CGI script or via a WSGI container, and if so then which one? `Remote_User` (nor Remote-User, which would be a more standard spelling per RFCs) is not a standard HTTP header AFAIK. The usual header that's used for this purpose is X-Forwarded-User. You'll need to arrange to have your hgweb process read this header -- some containers will do this automatically, or you can read it in your hgweb.cgi or hgweb.wsgi script and set the REMOTE_USER variable. (Note that REMOTE_USER is an _environment variable_ passed to CGI scripts, not an HTTP header. HTTP headers passed to CGI scripts are prefixed with HTTP_, which is why you're seeing HTTP_REMOTE_USER with your configuration.) pacem in terris / мир / शान्ति / سَلاَم / 平和 Kevin R. Bullock _______________________________________________ Mercurial mailing list [email protected] https://www.mercurial-scm.org/mailman/listinfo/mercurial
