authentication - Not getting REMOTE_USER header in rails app running on passenger w/ nginx behind apache -
so i'm transitioning rails based website docker sake of ;)
i use phusion/passenger-docker support rails app. within it, use rack-webauth grabs webauth_user or remote_user authentication piece. unfortunately, can use apache version of stanford's webauth authentication; cannot (currently) use nginx instance this.
therefore, use proxypass
in apache instance forward traffic dockerised nginx'd application. app works fine unauthenticated parts of app; however, after authenticate, dockerised app not appear see remote_user environment variable (via puts env
in ruby code).
my apache config:
listen 8443 <virtualhost *:8443> sslengine on sslprotocol -sslv2 sslciphersuite all:!anull:!adh:!enull:!low:!exp:rc4+rsa:+high:+medium sslcertificatefile /etc/pki/tls/certs/blah.crt sslcertificatekeyfile /etc/pki/tls/private/blah.key sslcertificatechainfile /etc/pki/tls/certs/intermediateca.crt serveradmin blah@blah.com servername www.blah.com rewriteoptions inherit loglevel info errorlog logs/web_error.log customlog logs/web_access.log combined webauthcredcachedir conf/webauth/credcache/ <proxy *> order deny,allow allow </proxy> proxyvia on proxypassinterpolateenv on proxypass / http://localhost:8080/ proxypassreverse / http://localhost:8080/ <location /> ssloptions +stdenvvars webauthextraredirect on authtype webauth require valid-user requestheader merge remote_user %{remote_user}s rewriteengine on rewriterule .* - [e=remote_user:%{remote_user}] </location> setenvif user-agent ".*msie.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </virtualhost>
(this same virtualhost definition in non-dockerised webapp works fine - ie when run webapp under apache same location stanza, works , see remote_user)
and of course run dockerised webapp with
sudo docker run -p 8080:80 mywebapp
my sites definition in dockerised nginx instance is:
server { listen 80; server_name blah.com; root /home/app/webapp/public; passenger_enabled on; passenger_user app; passenger_app_env development; passenger_ruby /usr/bin/ruby; }
any ideas?
might late answer, hoping useful others.
changing remote_user http_remote_user worked me.
for more details, find this answer clear.
Comments
Post a Comment