Nginx - Forward HTTP AUTH - User

ubuntu nginx jenkins http-basic-authentication

67,211

Solution 1

Try adding this directives to your location block

proxy_set_header Authorization $http_authorization;
proxy_pass_header  Authorization;

Solution 2

To get this to work with Jenkins reverse proxy auth plugin:

proxy_set_header Authorization "";
proxy_set_header X-Forwarded-User $remote_user;

If you don't reset Authorization header, nginx will forward that by default, and when enabling reverse proxy auth plugin, Jenkins (jetty) will try to re-authenticate the user, and fails on that.

nginx version 1.12.1, Jenkins 2.113.

67,211

opHASnoNAME

If this Infrastructure works, it was build by me - if not .. eh someone else! When the sun shines: Working as one man DevOps Crew in Hamburg (StartUp). In love with Docker, Git, PHP (got a certification decades ago). I prefer Cloud, don't like Baremetal stuff. Deep into AWS and Azure.

Updated on September 18, 2022

Comments

opHASnoNAME almost 2 years

I have some trouble with Nginx and Jenkins (Hudson). I am trying to use Nginx as Reverse Proxy for the Jenkins instance with HTTP Basic Authentication.

It works so far, but i have no idea how to pass the Header with the Authentication Username.

location / {
  auth_basic "Restricted";
  auth_basic_user_file /usr/share/nginx/.htpasswd;
  sendfile off;

  proxy_pass         http://192.168.178.102:8080;
  proxy_redirect     default;
  proxy_set_header   Host             $http_host;
  proxy_set_header   X-Real-IP        $remote_addr;
  proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
  proxy_set_header   X-Forwarded-User $http_authorization; 
  proxy_max_temp_file_size 0;

  #this is the maximum upload size
  client_max_body_size       10m;
  client_body_buffer_size    128k;

  proxy_connect_timeout      90;
  proxy_send_timeout         90;
  proxy_read_timeout         90;             
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
}

Paul over 9 years

Note you probably want an extra 'd' in "X-Forwared-User".

opHASnoNAME about 11 years

This header is passing: Username: Basic YXJuZTpraWxsZXI, not the correct name from http auth (;
Olli about 6 years

Authorization header must be base64 encoded header, yes. But that is not what the question is about. The question is about passing auth username in headers, not full authorization header.
Erutan409 over 5 years

THANK YOU! This is exactly what I was looking for. MUCH appreciated.
Enda Farrell almost 5 years

YXJuZTpraWxsZXI decodes to arne:killer - nice example @opHASnoNAME :-)
phip1611 over 4 years

pass_header and set_header...? isn't this two times more or less the same effect? Both should work, shouldn't it?