Forum Discussion

vineshbg
Apr 01, 2025

How to make nginx to connect to server through proxy with auth

In the current setup, nginx serves as a reverse proxy to proxy_pass to app listening on localhost which in turn communicates to webserver (let's say one.server.com) after some processing on some locations and also proxy_pass directly to the webserver for other locations. The issue is when proxy comes into picture.

The app listening on localhost can be made to go through http proxy but for nginx, changing proxy_pass to go to proxy_ip:proxy_port didn't work because there was no way to set the authentication for proxy in nginx conf.

Nginx Config:

http {
  server {
    listen 443 ssl;
    ssl_certificate      /usr/local/etc/nginx/ssl/cert.pem;
    ssl_certificate_key  /usr/local/etc/nginx/ssl/cert.key;

    proxy_set_header Host one.server.com;

    location ~* /route_1 {
      proxy_pass https://127.0.0.1:8080;
    }

    location ~* /route_2 {
      proxy_pass https://one.server.com;  # proxy_pass requires a scheme; https is assumed here
    }
  }
}

Just wanted to check if nginx/nginx plus supports proxy out of the box or if there are any workarounds possible for the same. Thanks

2 Replies

  • You will need to tell the second proxy to trust the "X-Forwarded-User" header (some proxies like the header with name X-Authenticated-User) that nginx will send, and do the authentication on nginx.

    See $remote_user variable ("proxy_set_header X-Forwarded-User $remote_user;"):

    Module ngx_http_core_module

    See also:

    Module ngx_http_auth_request_module

    nginxinc/nginx-ldap-auth: Example of LDAP authentication using ngx_http_auth_request_module

    Restricting Access with HTTP Basic Authentication | NGINX Documentation

    Also, nginx can extract the user name from client-side SSL cert authentication.

    server {
        listen 443 ssl;
        server_name yourdomain.com;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        ssl_client_certificate /etc/nginx/ssl/ca.crt; # CA that issued client certificates
        ssl_verify_client on; # Enforce client authentication

        location / {
            proxy_pass http://backend:8080; # Forward requests to backend
            proxy_set_header X-SSL-Client-Cert $ssl_client_escaped_cert;  # Send client certificate (URL-encoded PEM; $ssl_client_cert is deprecated)
            proxy_set_header X-SSL-Client-Subject $ssl_client_s_dn; # Send client subject DN
            proxy_set_header X-SSL-Client-Username $ssl_client_s_dn; # Example: forward username (this sends the full subject DN, not only the CN)
        }
    }
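
The reply above relies on the receiving service trusting identity headers set by nginx. As an added example (not code from the thread or from nginx), this Python check shows the receiving side accepting X-Forwarded-User or X-SSL-Client-Subject only from the nginx front end and failing closed otherwise. The function names, the proxy address list, the user-name pattern, and the RFC 2253 form of the subject DN are assumptions.

```python
import ipaddress
import re

# Assumption: the nginx front end reaches this service only from these addresses.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/28")]
# Assumption: allowed user-name alphabet; anything else is rejected.
USER_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def cn_from_dn(dn):
    """Return the single CN of an RFC 2253 subject DN, or None (fail closed)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch == "\\":
            cur += ch                # keep escapes raw; USER_RE rejects them later
            escaped = not escaped
        elif ch == ",":              # only an unescaped comma separates RDNs
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    cns = [r[3:] for r in rdns if r[:3].upper() == "CN="]
    if len(cns) == 1 and USER_RE.fullmatch(cns[0]):
        return cns[0]
    return None


def authenticated_user(peer_ip, headers):
    """headers: list of (name, value) pairs as received. Returns a user or None."""
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return None  # not from the front end: identity headers are client-controlled
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    fwd = seen.get("x-forwarded-user", [])
    subj = seen.get("x-ssl-client-subject", [])
    if len(fwd) > 1 or len(subj) > 1:
        return None  # duplicated identity header is ambiguous: reject
    if fwd and USER_RE.fullmatch(fwd[0]):
        return fwd[0]
    return cn_from_dn(subj[0]) if subj else None


if __name__ == "__main__":
    # Constructed sample requests, not taken from the thread.
    print(authenticated_user("127.0.0.1", [("X-Forwarded-User", "alice")]))
    print(authenticated_user("203.0.113.7", [("X-Forwarded-User", "admin")]))
```
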

  • My bad, the second proxy is user-configured and could be any proxy. To rectify, my query was whether nginx can be made to use an HTTP proxy to reach the proxy pass server, and the HTTP proxy is user-configured and cannot understand custom headers we pass in the requests like X-Forwarded-User etc.