Nginx - Forward HTTP AUTH - User
Solution 1
Try adding this directives to your location block
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
Solution 2
To get this to work with Jenkins reverse proxy auth plugin:
proxy_set_header Authorization "";
proxy_set_header X-Forwarded-User $remote_user;
If you don't reset Authorization
header, nginx will forward that by default, and when enabling reverse proxy auth plugin, Jenkins (jetty) will try to re-authenticate the user, and fails on that.
nginx version 1.12.1, Jenkins 2.113.
Related videos on Youtube
![opHASnoNAME](https://i.stack.imgur.com/us7GK.jpg?s=256&g=1)
opHASnoNAME
If this Infrastructure works, it was build by me - if not .. eh someone else! When the sun shines: Working as one man DevOps Crew in Hamburg (StartUp). In love with Docker, Git, PHP (got a certification decades ago). I prefer Cloud, don't like Baremetal stuff. Deep into AWS and Azure.
Updated on September 18, 2022Comments
-
opHASnoNAME almost 2 years
I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication.
It works so far, but i have no idea how to pass the Header with the Authentication Username.
location / { auth_basic "Restricted"; auth_basic_user_file /usr/share/nginx/.htpasswd; sendfile off; proxy_pass http://192.168.178.102:8080; proxy_redirect default; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-User $http_authorization; proxy_max_temp_file_size 0; #this is the maximum upload size client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; }
-
Paul over 9 yearsNote you probably want an extra 'd' in "X-Forwared-User".
-
-
opHASnoNAME about 11 yearsThis header is passing: Username: Basic YXJuZTpraWxsZXI, not the correct name from http auth (;
-
Olli about 6 yearsAuthorization header must be base64 encoded header, yes. But that is not what the question is about. The question is about passing auth username in headers, not full authorization header.
-
Erutan409 over 5 yearsTHANK YOU! This is exactly what I was looking for. MUCH appreciated.
-
Enda Farrell almost 5 years
YXJuZTpraWxsZXI
decodes toarne:killer
- nice example @opHASnoNAME :-) -
phip1611 over 4 yearspass_header and set_header...? isn't this two times more or less the same effect? Both should work, shouldn't it?