nginxinc/nginx-ldap-auth

How to get username from the form and pass it through nginx?

Howard-Chang opened this issue · 9 comments

Hi, I want to extract the username from the login form and pass it through nginx.
The files nginx-ldap-auth-daemon.py, backend-sample-app.py and nginx-ldap-auth-daemon-ctl-rh.sh are the unmodified defaults.
nginx.conf:

# Reverse proxy on port 8081: every request to "/" first triggers an auth
# subrequest to /auth-proxy (the LDAP auth daemon on 127.0.0.1:8888); a 401 from
# that subrequest is turned into the backend's login page.
# NOTE(review): "debug" level writes request headers to error.log, which here
# includes the Authorization header and the nginxauth cookie. Use it only while
# troubleshooting and restrict access to the log file.
error_log logs/error.log debug;
events {
worker_connections 10240;
}
http {
    # Shared-memory zone (10 MB of keys) backing the auth-result cache used below.
    proxy_cache_path cache/  keys_zone=auth_cache:10m;
    upstream backend {
        server 127.0.0.1:9000;
        #server 127.0.0.1:5601;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    server {
        # NOTE(review): plain HTTP listener (no "ssl"), so the login form, the
        # Authorization header and the nginxauth cookie travel unencrypted.
        listen 8081;
        location / {
            auth_request /auth-proxy;
            # A 401 from the auth subrequest is answered with the /login page and status 200.
            error_page 401 =200 /login;
            # NOTE(review): nginx defines no built-in $username variable, and "//"
            # does not start a comment in nginx (only "#" does), so this line does
            # not load as written.
            # NOTE(review): an upstream that trusts X-PROXY-USER as the authenticated
            # identity must be reachable only through this proxy; otherwise a client
            # could send the header itself.
            proxy_set_header X-PROXY-USER $username;       //how to get the username in nginx?
            #proxy_pass http://backend/;
            proxy_pass http://localhost:5601;
        }
        location /login {
            proxy_pass http://backend/login;
            # Tells the login app which URI the user originally requested.
            proxy_set_header X-Target $request_uri;
        }
        location = /auth-proxy {
            # "internal" makes this location unreachable for direct client requests.
            internal;
            proxy_pass http://127.0.0.1:8888;
            # The auth daemon only needs the request headers, so the body is dropped.
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            # Successful (200) auth answers are cached for 10 minutes, keyed on the
            # Authorization header plus the nginxauth cookie.
            # NOTE(review): a disabled account or changed password keeps working
            # until its cache entry expires; shorten the validity if that matters.
            proxy_cache auth_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            # LDAP connection parameters handed to the auth daemon as request headers.
            # NOTE(review): ldap:// is unencrypted; acceptable on loopback, use an
            # ldaps:// URL if the directory is on another host.
            proxy_set_header X-Ldap-URL      "ldap://localhost:389";
            proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
            # NOTE(review): cn=Manager looks like the directory's administrative
            # account; a dedicated read-only bind account is the safer choice.
            proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
            # NOTE(review): the bind password sits in plaintext in nginx.conf;
            # restrict read access to this file.
            proxy_set_header X-Ldap-BindPass "xxxxxx";
            proxy_set_header X-CookieName "nginxauth";
            # NOTE(review): with the project's sample login app the nginxauth cookie
            # presumably carries the base64-encoded user:password, so it is as
            # sensitive as the password itself; confirm against backend-sample-app.py.
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;
        }
    }
}

thank you in advance!

Hi @faisal-memon, thanks for your reply.
I have researched this for a long time and still can't get it to work.
Could you give me a hint? : )
The form's POST field is "username".
nginx.conf:

# Second attempt: same proxy layout, but "/" now tries to copy a response header
# of the auth subrequest into $user and forward it to the upstream.
# NOTE(review): "debug" level writes request headers to error.log, which here
# includes the Authorization header and the nginxauth cookie. Use it only while
# troubleshooting and restrict access to the log file.
error_log logs/error.log debug;
events {
worker_connections 10240;
}
http {
    # Shared-memory zone (10 MB of keys) backing the auth-result cache used below.
    proxy_cache_path cache/  keys_zone=auth_cache:10m;
    upstream backend {
        server 127.0.0.1:9000;
        #server 127.0.0.1:5601;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    server {
        # NOTE(review): plain HTTP listener (no "ssl"), so the login form, the
        # Authorization header and the nginxauth cookie travel unencrypted.
        listen 8081;
        location / {
            auth_request /auth-proxy;
            # A 401 from the auth subrequest is answered with the /login page and status 200.
            error_page 401 =200 /login;
            # auth_request_set copies the "X-User" response header of the auth
            # subrequest into $user. This only yields a value if the auth service on
            # 127.0.0.1:8888 actually returns that header; verify what the daemon sends.
            # NOTE(review): "//" does not start a comment in nginx (only "#" does),
            # so the trailing remark on the next line breaks config parsing.
            auth_request_set $user $upstream_http_x_user;// I am not sure is it correct? or how to modified it
            # proxy_set_header adds the header to the request sent upstream, not to the
            # client response.
            # NOTE(review): an upstream that trusts X-PROXY-USER as the authenticated
            # identity must be reachable only through this proxy; otherwise a client
            # could send the header itself.
            proxy_set_header X-PROXY-USER $user;
            #proxy_pass http://backend/;
            proxy_pass http://localhost:5601;
        }
        location /login {
            proxy_pass http://backend/login;
            # Tells the login app which URI the user originally requested.
            proxy_set_header X-Target $request_uri;
        }
        location = /auth-proxy {
            # "internal" makes this location unreachable for direct client requests.
            internal;
            proxy_pass http://127.0.0.1:8888;
            # The auth daemon only needs the request headers, so the body is dropped.
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            # Successful (200) auth answers are cached for 10 minutes, keyed on the
            # Authorization header plus the nginxauth cookie.
            # NOTE(review): a disabled account or changed password keeps working
            # until its cache entry expires; shorten the validity if that matters.
            proxy_cache auth_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            # LDAP connection parameters handed to the auth daemon as request headers.
            # NOTE(review): ldap:// is unencrypted; acceptable on loopback, use an
            # ldaps:// URL if the directory is on another host.
            proxy_set_header X-Ldap-URL      "ldap://localhost:389";
            proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
            # NOTE(review): cn=Manager looks like the directory's administrative
            # account; a dedicated read-only bind account is the safer choice.
            proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
            # NOTE(review): this looks like a real bind password in plaintext. Treat a
            # password that has been pasted into a public page as compromised and change
            # it; redact secrets before sharing a config and restrict read access to the file.
            proxy_set_header X-Ldap-BindPass "9ol./;p0";
            proxy_set_header X-CookieName "nginxauth";
            # NOTE(review): with the project's sample login app the nginxauth cookie
            # presumably carries the base64-encoded user:password, so it is as
            # sensitive as the password itself; confirm against backend-sample-app.py.
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;
        }
    }
}

I solved the problem thx :)

Is there a way to get the user agent's username (as in the name of the PC) from nginx?

I solved the problem thx :)

How did you solve it?

This is how I solved it. I don't like it because it sends a header to the client with their username. Not sure how to prevent that yet.

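# Protect /chronograf with an auth subrequest and record the authenticated user
# in the access log without echoing the username back to the client.
location /chronograf {
  auth_request       /auth-2;
  # Copy the X-Organizr-User response header of the /auth-2 subrequest into $user.
  auth_request_set   $user $upstream_http_x_organizr_user;
  # No add_header here: add_header writes to the response sent to the client,
  # which is what disclosed the username. If the upstream needs the identity,
  # send it on the proxied request instead with
  # "proxy_set_header X-USER $user;" (the client never sees that header).
  proxy_pass         $chronograf$request_uri;
}

# Log the variable filled by auth_request_set directly instead of reading it
# back from a response header ($sent_http_x_user), so nothing has to be sent
# to the client for the username to appear in the log.
log_format oauth '$host $remote_addr - $user [$time_local] '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent"';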
kjoth commented

@Howard-Chang how did you solve it? Can you brief it? I'm facing a similar situation for Nginx-LDAP authentication.

Also, what should be provided in the nginx config for the following?
# These two headers pass a bind DN and its password to the auth daemon,
# presumably the account it uses to connect to the directory; confirm the exact
# semantics in the project README.
# NOTE(review): prefer a dedicated read-only account over cn=Manager, keep
# nginx.conf readable only by the nginx/root user, and treat a password that has
# been pasted into a public page as compromised.
proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org";
proxy_set_header X-Ldap-BindPass "9ol./;p0";