I want to authorize requests using a remote server that is using ssl. When I make requests with https I get nginx errors but when I use http it works. Now that I am writing this I'm thinking the issue is that the site isn't using ssl so that could cause proxy pass fails.
Thanks in advance! Aaron $ tail /var/log/nginx/error.log 2014/05/15 20:49:52 [error] 19355#0: *1 invalid URL prefix in " https://iam.ids.enernoc.net/api/v1/key/validation?permissions=dataset_DATQUAL1_read";, client: 10.100.1.157, server: localhost, request: "GET /api/v1/dataset/DATQUAL1?ids=17228629&start_dttm=1382486700&end_dttm=1382573100&gran=fivemin&ts_format=iso-8601&resp_format=json HTTP/1.1", subrequest: "/iams_auth", host: "10.160.1.52" 2014/05/15 20:49:52 [error] 19355#0: *1 auth request unexpected status: 500 while sending response to client, client: 10.100.1.157, server: localhost, request: "GET /api/v1/dataset/DATQUAL1?ids=17228629&start_dttm=1382486700&end_dttm=1382573100&gran=fivemin&ts_format=iso-8601&resp_format=json HTTP/1.1", host: "10.160.1.52" Ubuntu 14 LTS Nginx info $ /opt/nginx-1.6.0/sbin/nginx -V nginx version: nginx/1.6.0 built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) configure arguments: --prefix=/opt/nginx-1.6.0 --conf-path=/etc/nginx/nginx.conf --sbin-path=/opt/nginx-1.6.0/sbin/nginx --with-http_auth_request_module server block: server { listen 80; ## listen for ipv4; this line is default and implied server_name localhost; gzip on; # authorization key to use with iam. set this to a default valid key. set $valid_key "Basic ZjNqejZNZlZTVDZuNWpjQjhLcEVkWXd3TnJqeng1VnJQQ0FYYU03V3pCY2dMU0F4Og=="; set $iams_server "https://iam.ids.enernoc.net/api/v1/key/validation"; location ~ ^/api/v1/dataset { if ($request_method != GET) { set $auth_request_uri "?permissions=create_dataset"; } if ($request_method = GET) { set $auth_request_uri "?permissions=list_dataset"; } auth_request /iams_auth; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header Server-Addr $server_addr; proxy_pass http://app_server; } location /iams_auth { resolver 10.160.0.2; proxy_pass $iams_server$auth_request_uri; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Original-URI $request_uri; # We would like to use authentication but not enforce it upon our users immediately, therefore... # If the user does not provide basic authorization we will use the default valid key variable. # If the user does provide basic auth, pass that value along instead of the default valid key. if ($remote_user != ''){ set $valid_key $http_authorization; } proxy_set_header Authorization $valid_key; proxy_pass_request_headers on; } } upstream app_server { server unix:/tmp/ids-api.sock; }
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
