On Mon, May 4, 2009 at 8:03 PM, Nicholas Orr <[email protected]> wrote:
> I don't see why I'd need to make the change in local.ini that is being
> suggested as I don't want any auth at all on couchdb. I did make the change
> to see what happens
>
> [httpd] bind_address = 209.x.76.x authentication_handler = {couch_httpd,
> null_authentication_handler}
>
> response I got was: {"error":"unknown_error","reason":"undef"}
This looks like you are using a version of CouchDB prior to the
addition of the null_authentication_handler.
null_authentication_handler is designed for use with nginx in this
configuration. the simplest option is to upgrade couchdb to latest
trunk.
if you can't do that for some reason you'll need to try something
else, like perhaps preventing nginx from forwarding the headers.
good luck!
>
> So that doesn't work anyway.
>
> Right now the only way I see being able to connect to 127.0.0.1:5984 is via
> a ssh tunnel - which works - however it is not ideal.
>
> You guys that claim to have nginx proxy to couchdb - are you then using a
> user/pass everywhere (in code running on localhost)? I don't want to do that
> and seems entirely possible. Must be more nginx params to specify to achieve
> it..
>
> Nick
>
> On Mon, Apr 13, 2009 at 9:37 AM, Samuel Wan <[email protected]> wrote:
>
>> Thanks Jan, both of your suggestions work as described.
>>
>> In case anyone else is interested, I wasn't able to suppress the
>> authentication headers with either the Nginx directives
>> "set_hide_header Authorization" or "set_hide_header WWW-Authenticate".
>>
>> -Sam
>>
>> On Sun, Apr 12, 2009 at 3:32 AM, Jan Lehnardt <[email protected]> wrote:
>> > Hi,
>> >
>> > I think nginx passes on auth headers and the default auth handler
>> > in CouchDB then tries to verify it which it can't because you don't
>> > have any admins. What works, I think, to have the same username
>> > and password combinations for CouchDB and the upstream proxy.
>> >
>> > If that's no feasible, I committed the `null_authentication_handler`
>> > that just accepts everybody.
>> >
>> > in your `local.ini` set:
>> >
>> > [httpd]
>> > authentication_handler = {couch_httpd, null_authentication_handler}
>> >
>> > Note that this is available only in trunk since r762574
>> >
>> > Cheers
>> > Jan
>> > --
>> >
>> >
>> > On 12 Apr 2009, at 07:29, Samuel Wan wrote:
>> >
>> >> I have also set up nginx as a reverse proxy to couchdb, and also
>> >> encountered the second login prompt mentioned by Alex Rudyk in his
>> >> email quoted below. The second authentication prompt looks like this:
>> >>
>> >> A username and password are being requested by http://<ip
>> >> address>. The site says: "administrator"
>> >>
>> >> I've confirmed that the proxy works without the auth turned on (except
>> >> for the known couch.js subdirectory URL issue). I've also confirmed
>> >> that the default.ini and couchdb.ini files don't have admin
>> >> username/passwords activated.
>> >>
>> >> Here is my nginx configuration.
>> >>
>> >> location /couchdb {
>> >> rewrite /couchdb/(.*) /$1 break;
>> >> proxy_pass http://localhost:5984;
>> >> proxy_redirect off;
>> >> proxy_set_header Host $host;
>> >> proxy_set_header X-Real-IP $remote_addr;
>> >> proxy_set_header X-Forwarded-For
>> >> $proxy_add_x_forwarded_fo$
>> >> auth_basic "Restricted";
>> >> auth_basic_user_file htpasswd;
>> >> }
>> >>
>> >> Does the auth_basic directive pass along some kind of authentication
>> >> request to the proxied CouchDB server? It seems that the CouchDB
>> >> authentication is getting triggered even though I haven't modified the
>> >> local.ini or default.ini files.
>> >>
>> >> -Sam
>> >>
>> >> ---------------------
>> >> From "Alex Rudyk" <[email protected]>
>> >> Subject Basic auth using Nginx as proxy
>> >> Date Mon, 12 Jan 2009 03:13:06 GMT
>> >>
>> >> I am trying to setup basic auth for couchdb that is proxied by Nginx.
>> >> I setuped nginx proxy and it works very well but when I am adding basic
>> >> auth
>> >> for nginx it pass Nginx basic auth module, but browser show "enter user
>> >> name
>> >> and password" dialog once again with real "administrator" that I think
>> is
>> >> goes from couchdb new default_authentication_handler. My nginx realm
>> name
>> >> is
>> >> "Restricted".
>> >> Here is nginx config file:
>> >>
>> >> server {
>> >> listen 8088;
>> >> server_name couchdb;
>> >> location / {
>> >> proxy_pass http://127.0.0.1:5984;
>> >> proxy_redirect off;
>> >> proxy_set_header Port $proxy_port;
>> >> proxy_set_header X-Real-IP $remote_addr;
>> >> proxy_set_header X-Forwarded-For
>> >> $proxy_add_x_forwarded_for;
>> >>
>> >> auth_basic "Restricted";
>> >> auth_basic_user_file htpasswd;
>> >>
>> >> }
>> >> }
>> >>
>> >> Does any body have some ideas how to fix this?
>> >>
>> >
>> >
>>
>
--
Chris Anderson
http://jchrisa.net
http://couch.io
