Hi, On Mon, 11 Mar 2024 at 19:07, Roman Arutyunyan <a...@nginx.com> wrote:
> Hi, > > On Mon, Mar 11, 2024 at 12:24:44PM +0530, Vineet Naik wrote: > > Hello, > > > > I had sent the original email to the nginx mailing list address a week > ago. > > But I don't see it on the March 2024 archives page - > > https://mailman.nginx.org/pipermail/nginx/2024-March/thread.html#start. > I > > am wondering if that's the case because I was not subscribed to the > mailing > > list at the time of sending the email (I have subscribed just now) or if > > it's stuck in moderation. > > > > Appreciate any help. > > > > Thanks, > > Vineet > > > > On Mon, 4 Mar 2024 at 11:52, Vineet Naik <naik...@gmail.com> wrote: > > > > > Hello, > > > > > > I am using the auth_request module to restrict access to static files > at > > > location `/`. I noticed that when authentication is successful, the > `/auth` > > > endpoint is receiving 2 requests for every request sent to nginx by the > > > client application. Interestingly, this only happens when the user is > > > logged in i.e. the `/auth` endpoint responds with 200 status code. > > > Otherwise, the auth endpoint is called only once. I have verified this > by > > > logging every incoming request to `/auth` handler in the server > > > application. > > It happens because of try_files. The last try_files argument performs > internal > redirect to the specified uri. Internal redirect is almost like a new > request. > While going through its phases, auth_request is processed again. > > https://nginx.org/en/docs/http/ngx_http_core_module.html#try_files This is helpful. Thanks. I'll try tweaking the config and see if this can be avoided. > > > > > I can see that the internal subrequests made by nginx to the auth > endpoint > > > are not being logged. Is there a way to enable logging for auth > > > subrequests? How do I investigate this further? > > Yes, use 'log_subrequest on': > > https://nginx.org/en/docs/http/ngx_http_core_module.html#log_subrequest > > > > Nginx config for reference: > > > > > > server { > > > listen 80; > > > server_name spapoc.local; > > > > > > access_log /var/log/nginx/spapoc.access.log main; > > > > > > location ~ ^/(login|logout) { > > > auth_request off; > > > proxy_pass http://127.0.0.1:5001; > > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > proxy_set_header X-Forwarded-Proto $scheme; > > > proxy_set_header X-Forwarded-Host $host; > > > proxy_set_header X-Forwarded-Prefix /; > > > } > > > > > > location /xhr/ { > > > auth_request off; > > > proxy_pass http://127.0.0.1:5001/; > > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > proxy_set_header X-Forwarded-Proto $scheme; > > > proxy_set_header X-Forwarded-Host $host; > > > proxy_set_header X-Forwarded-Prefix /; > > > } > > > > > > location = /favicon.ico { > > > auth_request off; > > > root /home/vmadmin/spa; > > > } > > > > > > location / { > > > auth_request /auth; > > > auth_request_set $auth_status $upstream_status; > > > error_page 401 = @error401; > > > > > > root /home/vmadmin/spa; > > > try_files $uri $uri/ /index.html; > > > } > > > > > > location = /auth { > > > internal; > > > auth_request off; > > > proxy_pass http://127.0.0.1:5001; > > > proxy_pass_request_body off; > > > proxy_set_header Content-Length ""; > > > proxy_set_header X-Original-URI $request_uri; > > > } > > > > > > location @error401 { > > > return 302 /login; > > > } > > > > > > #error_page 404 /404.html; > > > > > > # redirect server error pages to the static page /50x.html > > > # > > > error_page 500 502 503 504 /50x.html; > > > location = /50x.html { > > > root /usr/share/nginx/html; > > > } > > > } > > > > > > -- > > > Thanks, > > > Vineet > > > > > > > > > > -- > > ~ Vineet > > > _______________________________________________ > > nginx mailing list > > nginx@nginx.org > > https://mailman.nginx.org/mailman/listinfo/nginx > > -- > Roman Arutyunyan > _______________________________________________ > nginx mailing list > nginx@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > -- ~ Vineet
_______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
