
Authentication problems with spring security behind nginx reverse proxy

I have a problem with Spring Security and an nginx reverse proxy server. Most of my routes are protected by Basic Auth in my Spring Boot application. However, I want to have a specific set of routes protected only by the nginx basic auth.

Unfortunately, I have the problem that the route always asks for both authentications.

I created a location targeting this specific spring route. The spring app and the nginx server are each running in a separate docker container.

This is my Spring Security setting.

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .csrf().disable()
                    .authorizeRequests()
                    // /reporting/** is left open in Spring; nginx is meant to guard it
                    .antMatchers("/reporting/**").permitAll()
                    .antMatchers("/user/create").hasRole("ADMIN")
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic();
        }
    }

This is my location:

    location /smartphone-reporting {
        rewrite /smartphone-reporting(.*)$ $1 break;
        proxy_pass          http://172.17.0.1:8888/reporting;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/htpasswd.users;
    }

In my nginx server config, I have defined these header parameters:

    server {
        ...
        # Add X-Forwarded-* headers
        proxy_set_header        X-Forwarded-Host $hostname;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        X-Cert $ssl_client_s_dn;
    }

If I use curl on the server on the proxy_pass route, I receive a response without any authentication. If I make a request from outside the server, I end up in an endless loop which asks for both authentication types.

How do I have to set up nginx so that this works?

I solved it. My rewrite rule did not forward to /reporting in Spring and I needed to clear the authentication header.

The following location configuration works for me:

    location /smartphone-reporting/ {
        proxy_pass          http://172.17.0.1:8888/reporting/;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/htpasswd.users;
        proxy_set_header Authorization "";
    }
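The two things the answer fixes can be traced in a small model of the request path. The following Python is an added example, not code from the question, the answer, nginx or Spring Security: it simulates both location blocks and a minimal Spring `httpBasic()` chain so you can see why the first configuration loops and the second does not. Two behaviours it models are documented nginx semantics: when `rewrite ... break` changes the URI inside a proxied location, the URI part of `proxy_pass` is ignored and the rewritten URI is sent upstream, and a header set to an empty string with `proxy_set_header` is not forwarded. The user names, passwords and paths are constructed for the simulation.

```python
import base64
import re

# Constructed credential stores for the model (plaintext only because this is a simulation).
# nginx's htpasswd.users holds the proxy user; Spring knows a different set of users.
NGINX_USERS = {"reporter": "s3cret"}
SPRING_USERS = {"admin": "adminpw"}


def basic_header(user, password):
    """Build the value of an HTTP Basic Authorization header."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def _basic_credentials(headers):
    """Return (user, password) from a Basic header, or None if absent/unparsable."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user, password


def spring(path, headers):
    """Model of the Spring chain: BasicAuthenticationFilter runs before authorization rules.

    Bad Basic credentials trigger the entry point (401 + WWW-Authenticate) even for a
    permitAll() path, which is why the nginx credentials must not reach Spring.
    """
    creds = _basic_credentials(headers)
    authenticated = False
    if creds is not None:
        user, password = creds
        if SPRING_USERS.get(user) != password:
            return {"status": 401, "from": "spring", "upstream_path": path}
        authenticated = True
    if path.startswith("/reporting/") or authenticated:   # permitAll() / authenticated()
        return {"status": 200, "from": "spring", "upstream_path": path}
    return {"status": 401, "from": "spring", "upstream_path": path}


def _nginx_auth_ok(headers):
    creds = _basic_credentials(headers)
    return creds is not None and NGINX_USERS.get(creds[0]) == creds[1]


def route_original(path, headers):
    """Model of the question's location: rewrite+break, proxy_pass with /reporting."""
    if not path.startswith("/smartphone-reporting"):
        return None
    if not _nginx_auth_ok(headers):
        return {"status": 401, "from": "nginx", "upstream_path": None}
    # The URI was changed by rewrite inside the location, so nginx ignores the
    # "/reporting" part of proxy_pass and forwards the rewritten URI unchanged.
    upstream_path = re.sub(r"/smartphone-reporting(.*)$", r"\1", path)
    forwarded = dict(headers)          # Authorization passed through to Spring
    return spring(upstream_path, forwarded)


def route_fixed(path, headers):
    """Model of the answer's location: prefix replaced by the proxy_pass URI, header cleared."""
    prefix = "/smartphone-reporting/"
    if not path.startswith(prefix):
        return None
    if not _nginx_auth_ok(headers):
        return {"status": 401, "from": "nginx", "upstream_path": None}
    upstream_path = "/reporting/" + path[len(prefix):]
    forwarded = dict(headers)
    forwarded.pop("Authorization", None)   # proxy_set_header Authorization ""; drops the header
    return spring(upstream_path, forwarded)


if __name__ == "__main__":
    hdr = basic_header("reporter", "s3cret")
    print("original:", route_original("/smartphone-reporting/daily", hdr))
    print("fixed:   ", route_fixed("/smartphone-reporting/daily", hdr))
```

With the original location the nginx user is accepted by nginx, but Spring receives `/daily` together with credentials it does not know, answers 401 with its own `WWW-Authenticate`, and the browser prompts again. With the fixed location Spring receives `/reporting/daily` with no `Authorization` header, the `permitAll()` rule applies, and the request succeeds after the single nginx prompt.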
