I have an HTTP server that uses ports 9200 and 9292 (for Logstash).
Since the server doesn't support authentication, I'd like to set up an nginx reverse proxy to handle the authentication.
This is the configuration I used:
    server {
        listen 9292 default_server;
        server_name proxy_host;
        location / {
            proxy_pass http://logstash_server:9292;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }
    }
    server {
        listen 9200 default_server;
        server_name proxy_host;
        location / {
            proxy_pass http://logstash_server:9200;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }
    }
When I go to http://proxy_host:9292, the browser asks me for authentication, but when I am redirected at some point to http://proxy_host:9200, I need to authenticate again.
Is there a way to share somehow the authentication data between both proxies, so that the authentication will only happen once?
The auth issue does not come from Nginx, but from your browser. Web browsers distinguish authentication domains using the whole tuple "[scheme]://[domain]:[port]", so it doesn't matter if your servers share the same authentication backend, because your browser will ask for and store credentials separately for each domain.
The only alternative I can come up with is to proxy both app servers behind the same Nginx server block, and distinguish your queries by URL path, for example:
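A sketch of the single-server-block layout described in the answer above, added here as an illustration; it is not the answerer's own configuration. The `/logstash/` and `/es/` path prefixes and the listen port 80 are assumptions; the upstream host, ports and htpasswd path are taken from the question.

```nginx
# Added example: one server block means one origin (scheme://host:port),
# so the browser prompts for and caches the Basic credentials only once.
server {
    # Assumed port. Basic auth is only base64-encoded on the wire, so a
    # real deployment would terminate TLS on this listener.
    listen 80 default_server;
    server_name proxy_host;

    # Declared at server level so both locations inherit the same realm
    # and the same credentials file.
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Inherited by the locations below because they define no
    # proxy_set_header directives of their own.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # The backends do no authentication, so the proxy's credentials are
    # not forwarded to them (an empty value drops the header).
    proxy_set_header Authorization "";

    # Hypothetical prefix for the service on port 9292.
    # The trailing slash on proxy_pass replaces the matched prefix with
    # "/", so /logstash/foo reaches the backend as /foo.
    location /logstash/ {
        proxy_pass http://logstash_server:9292/;
    }

    # Hypothetical prefix for the service on port 9200.
    location /es/ {
        proxy_pass http://logstash_server:9200/;
    }
}
```

The front-end application has to be configured to reach the second service through the `/es/` path rather than through port 9200, otherwise its redirects still point at a different origin. Ports 9200 and 9292 on the backend should accept connections only from the proxy, since anything that reaches them directly bypasses the authentication.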