Forum Discussion

vineshbg's avatar
vineshbg
Icon for Nimbostratus rankNimbostratus
Apr 01, 2025

How to make nginx to connect to server through proxy with auth

In the current setup, nginx serves as a reverse proxy to proxy_pass to app listening on local host which inturn communicates to webserver(lets say one.server.com) after some processing on some locati...
devops
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Apr 02, 2025

You will need to tell the second proxy to trust the "X-Forwarded-User" header (some proxies like the header  with name X-Authenticated-User) that nginx will and do the authentication on the nginx.

See $remote_user variable (""proxy_set_header X-Forwarded-User $remote_user; "" ):

Module ngx_http_core_module

 

 

See also:

 

Module ngx_http_auth_request_module

nginxinc/nginx-ldap-auth: Example of LDAP authentication using ngx_http_auth_request_module

Restricting Access with HTTP Basic Authentication | NGINX Documentation

 

 

Also nginx can extract the user name from client side ssl cert authentication. 

 

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_client_certificate /etc/nginx/ssl/ca.crt; # CA that issued client certificates
    ssl_verify_client on; # Enforce client authentication

    location / {
        proxy_pass http://backend:8080; # Forward requests to backend
        proxy_set_header X-SSL-Client-Cert $ssl_client_cert;  # Send client certificate
        proxy_set_header X-SSL-Client-Subject $ssl_client_s_dn; # Send client subject DN
        proxy_set_header X-SSL-Client-Username $ssl_client_s_dn; # Example: Forward username
    }
}