Re: auth using Nginx as proxy

[Jan Lehnardt]

Hi,

I think nginx passes on auth headers and the default auth handler
in CouchDB then tries to verify it which it can't because you don't
have any admins. What works, I think, to have the same username
and password combinations for CouchDB and the upstream proxy.

If that's no feasible, I committed the `null_authentication_handler`
that just accepts everybody.

in your `local.ini` set:

[httpd]
authentication_handler = {couch_httpd, null_authentication_handler}

Note that this is available only in trunk since r762574

Cheers
Jan
--


On 12 Apr 2009, at 07:29, Samuel Wan wrote:

I have also set up nginx as a reverse proxy to couchdb, and also
encountered the second login prompt mentioned by Alex Rudyk in his
email quoted below. The second authentication prompt looks like this:

      A username and password are being requested by http://<ip
address>. The site says: "administrator"

I've confirmed that the proxy works without the auth turned on (except
for the known couch.js subdirectory URL issue). I've also confirmed
that the default.ini and couchdb.ini files don't have admin
username/passwords activated.

Here is my nginx configuration.

       location /couchdb {
               rewrite /couchdb/(.*) /$1 break;
               proxy_pass http://localhost:5984;
               proxy_redirect     off;
               proxy_set_header   Host             $host;
               proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_fo$

               auth_basic "Restricted";
               auth_basic_user_file htpasswd;
       }

Does the auth_basic directive pass along some kind of authentication
request to the proxied CouchDB server? It seems that the CouchDB
authentication is getting triggered even though I haven't modified the
local.ini or default.ini files.

-Sam

---------------------
From    "Alex Rudyk" <alex.ru...@gmail.com>
Subject Basic auth using Nginx as proxy
Date    Mon, 12 Jan 2009 03:13:06 GMT

I am trying to setup basic auth for couchdb that is proxied by Nginx.

I setuped nginx proxy and it works very well but when I am adding basic auth for nginx it pass Nginx basic auth module, but browser show "enter user name and password" dialog once again with real "administrator" that I think is goes from couchdb new default_authentication_handler. My nginx realm name is

"Restricted".
Here is nginx config file:

server {
     listen        8088;
   server_name   couchdb;
     location / {
       proxy_pass http://127.0.0.1:5984;
               proxy_redirect off;
               proxy_set_header   Port             $proxy_port;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_set_header   X-Forwarded-For
$proxy_add_x_forwarded_for;

       auth_basic            "Restricted";
               auth_basic_user_file  htpasswd;

       }
}

Does any body have some ideas how to fix this?