Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reconnect When Using an Auth Proxy With a Login Page #911

Open
r10r opened this issue Apr 5, 2022 · 1 comment
Open

Reconnect When Using an Auth Proxy With a Login Page #911

r10r opened this issue Apr 5, 2022 · 1 comment
Labels
question

Comments

@r10r
Copy link
Contributor

r10r commented Apr 5, 2022

Hi @tsl0922,

I want to use the Auth Proxy
feature with nginx as a reverse proxy and the auth request module.
The auth server returns 401 when the auth token cookie is expired.
Nginx intercepts the 401 errors and redirects the client the login page.

When I hit CTRL-R to reload the page I'm redirected to the login page as expected.
But the overlay Press Enter to Reconnect does not work.

How can the Press Enter to Reconnect handle this setup ? (page reload ?)

Btw. the /token handler always returns an empty token - is this not implemented yet?

# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#directives
upstream auth_server {
        server $AUTH_SERVER;
}

upstream backend {
        server http://ttyd:7681;
}

server {
        listen 8080 default_server;
        listen [::]:8080 default_server;

        error_page 401 403 = @unauthorized;

        location / {
                proxy_pass http://backend;

                # See http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
                auth_request /auth;
                auth_request_set $webauth_user $upstream_http_x_webauth_user;

                # enable websocket support for proxy
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-WEBAUTH-USER $webauth_user;
                # See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
                proxy_intercept_errors on;
        }

        location @unauthorized {
                # requires the module nginx-mod-http-set-misc
                # See https://github.com/openresty/set-misc-nginx-module#set_escape_uri
                set_escape_uri $redirect_uri $request_uri;
                # The $http_host variable always contains the value of the HTTP *host* header.
                # The $http_host variable must be used because the port exposed by the container
                # may be different from the port where nginx actually listens on.
                # See also (https://nginx.org/en/docs/http/ngx_http_core_module.html#var_host)
                return 302 $scheme://$http_host/login?redirect_uri=$redirect_uri;
        }

    location = /auth {
                internal;
                proxy_pass http://auth_server;
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                proxy_set_header X-Original-URI $request_uri;
    }

    location ~ ^/(login|logout) {
                proxy_pass http://auth_server;
                proxy_intercept_errors on;
    }
}
@r10r r10r added the question label Apr 5, 2022
@tsl0922
Copy link
Owner

tsl0922 commented Mar 29, 2024

Btw. the /token handler always returns an empty token - is this not implemented yet?

It's used for websocket auth, only return valid value on successful http auth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@r10r @tsl0922