It just so happens I encountered a nasty issue with the HTTP Authorization header and nginx this week at work.
We have a listener which carries out some action according to whether our API is being called by an external system (OAuth), or from our own app (Basic auth), which was malfunctioning on our staging server. It gets called after the authentication has been done via the FOS OAuth bundle - and the FOS OAuth bundle helpfully removes the Authorization header from the Request before it completes its work.

Our listener was working correctly on my local developer environment (still on Apache), where it was using apache_request_headers() to get the Authorization header. It was not working on our staging and production servers, which have recently been switched to nginx.

If you want to access the Authorization header on nginx, you will need to get it via $_SERVER['HTTP_AUTHORIZATION'] - and according to our server admin, you also need to make sure your FPM config is set up correctly so that this value gets injected into $_SERVER.

On Friday, 10 March 2017 17:00:39 UTC+13, Dave Lane wrote:
>
> Hello all,
>
> Hoping someone here has got an idea on this...
>
> The situation:
>
> 1. I'm running an app called Mautic (https://mautic.net - it's like your
> own MailChimp, but on steroids - it's built on top of Symfony) in a
> Docker container (running PHP 7.0 in FPM configuration, listening on
> port 9000 - if you want to try it, see
> https://hub.docker.com/r/kiwilightweight/mautic/ )
>
> 2. the Docker host is running nginx, which then uses the fastcgi_
> framework to make requests on the 127.0.0.1:9000 forward port, and the
> Docker container is talking to a host-based MySQL instance for database.
>
> 3. The end-user Mautic web app runs fine. Everything works.
>
> 4. The problem I'm having is with authenticating external apps to use
> the Mautic API, which supports OAuth2, 1.a, or basic HTTP Auth. For
> simplicity's sake, I'm wanting to use Basic Auth (I have SSL enabled).
> Problem is I consistently get a 401 "API authorization denied." despite
> the fact that I know the user details I'm using are valid because they
> allow the user to log into the app's front-end and access the relevant
> data.
>
> Using the same exact configuration (including nginx config) of Mautic
> (but different network dynamics and slightly different nginx version) on
> my dev machine, I can make curl requests from the commandline without
> authentication problems, so it doesn't seem to be directly related to my
> container/host configuration.
>
> 5. The Mautic authentication options are handled using Symfony plugins -
> Basic Auth is handled by Mautic's http-foundation library (i.e. not at
> the webserver layer as most HTTP Auth implementations do) and valid
> Mautic users can authenticate.
>
> I don't know much about Symfony or the HTTP_AUTHORIZATION header which
> gets sent and somehow processed by the http-foundation library.
>
> I'm hoping someone on this list might've seen this sort of problem
> before and has some insight! I'd *love* to focus on developing
> functionality based on being able to talk to my Mautic instance!
>
> Thanks in advance for any help!
>
> Dave
>
> --
> Dave Lane - [email protected]; https://davelane.nz; +64 21 229 8147
> GPG fingerprint: CE1E 5896 8D80 A78B E179 9E74 319B 083C 50EF AA94
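An added example, not code from this thread, Mautic or the FOS OAuth bundle: one way a listener could read the Authorization header without depending on apache_request_headers(), so the Basic-vs-OAuth decision described in the reply behaves the same under Apache and nginx/PHP-FPM. The function names and sample values are hypothetical; the $_SERVER keys are standard PHP/CGI variables.

```php
<?php
declare(strict_types=1);

// Return the raw Authorization header, or null, without relying on one SAPI.
// $server is normally $_SERVER; it is a parameter so the logic can run offline.
function resolveAuthorizationHeader(array $server): ?string
{
    // nginx + PHP-FPM and CGI setups expose the header as a server variable.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim((string) $server[$key]);
        }
    }
    // PHP may have already decoded Basic credentials; rebuild the header.
    if (isset($server['PHP_AUTH_USER'])) {
        $pair = $server['PHP_AUTH_USER'] . ':' . ($server['PHP_AUTH_PW'] ?? '');
        return 'Basic ' . base64_encode($pair);
    }
    // Not defined under every SAPI, so guard the call instead of assuming Apache.
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') === 0) {
                return trim((string) $value);
            }
        }
    }
    return null;
}

/** Lower-cased auth scheme ("basic", "bearer", ...) or null if absent/malformed. */
function authScheme(array $server): ?string
{
    $header = resolveAuthorizationHeader($server);
    if ($header === null || !preg_match('/^([A-Za-z0-9_-]+) +\S/', $header, $m)) {
        return null;
    }
    return strtolower($m[1]);
}

// Constructed sample inputs standing in for $_SERVER on different setups.
$samples = [
    'nginx/FPM, Basic'  => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('app:secret')],
    'after rewrite'     => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer constructed-token'],
    'decoded by PHP'    => ['PHP_AUTH_USER' => 'app', 'PHP_AUTH_PW' => 'secret'],
    'header not passed' => ['REQUEST_METHOD' => 'GET'],
];
foreach ($samples as $label => $server) {
    printf("%-18s => %s\n", $label, authScheme($server) ?? '(none)');
}
```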
