nginx auth_request using original uri
up vote
0
down vote
favorite
This may be related to this question.
I try to provide static files using nginx. However, only registered users with the appropriate rights should be able to download these files.
Within the django application I can already authorize users, but since the downloads are not delivered by django, but by nginx, I had some problems with it.
Currently I have two locations within my nginx config.
location / {
uwsgi_pass django;
include /usr/share/nginx/uwsgi_params;
}
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /api/auth;
root /usr/share/nginx/downloads;
}
This configuration works, but I am unable to check if the registered user is allowed to access this download area.
It would be enough if I could adjust the second block to a syntax like this.
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /projects/$1/downloads/;
root /usr/share/nginx/downloads;
}
But with this configuration not the uri is called, but the given string /projects/my_project/downloads/my_file.txt
Is there a simple way to pass the original uri to an auth_request?
Thank you in advance
django nginx authorization
add a comment |
up vote
0
down vote
favorite
This may be related to this question.
I try to provide static files using nginx. However, only registered users with the appropriate rights should be able to download these files.
Within the django application I can already authorize users, but since the downloads are not delivered by django, but by nginx, I had some problems with it.
Currently I have two locations within my nginx config.
location / {
uwsgi_pass django;
include /usr/share/nginx/uwsgi_params;
}
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /api/auth;
root /usr/share/nginx/downloads;
}
This configuration works, but I am unable to check if the registered user is allowed to access this download area.
It would be enough if I could adjust the second block to a syntax like this.
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /projects/$1/downloads/;
root /usr/share/nginx/downloads;
}
But with this configuration not the uri is called, but the given string /projects/my_project/downloads/my_file.txt
Is there a simple way to pass the original uri to an auth_request?
Thank you in advance
django nginx authorization
In your first example, did you try addinglocation /api/auth
and setproxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?
– dirkgroten
Nov 21 at 12:06
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
This may be related to this question.
I try to provide static files using nginx. However, only registered users with the appropriate rights should be able to download these files.
Within the django application I can already authorize users, but since the downloads are not delivered by django, but by nginx, I had some problems with it.
Currently I have two locations within my nginx config.
location / {
uwsgi_pass django;
include /usr/share/nginx/uwsgi_params;
}
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /api/auth;
root /usr/share/nginx/downloads;
}
This configuration works, but I am unable to check if the registered user is allowed to access this download area.
It would be enough if I could adjust the second block to a syntax like this.
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /projects/$1/downloads/;
root /usr/share/nginx/downloads;
}
But with this configuration not the uri is called, but the given string /projects/my_project/downloads/my_file.txt
Is there a simple way to pass the original uri to an auth_request?
Thank you in advance
django nginx authorization
This may be related to this question.
I try to provide static files using nginx. However, only registered users with the appropriate rights should be able to download these files.
Within the django application I can already authorize users, but since the downloads are not delivered by django, but by nginx, I had some problems with it.
Currently I have two locations within my nginx config.
location / {
uwsgi_pass django;
include /usr/share/nginx/uwsgi_params;
}
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /api/auth;
root /usr/share/nginx/downloads;
}
This configuration works, but I am unable to check if the registered user is allowed to access this download area.
It would be enough if I could adjust the second block to a syntax like this.
location ~ /projects/(.*)/downloads/(.+[^/])$ {
auth_request /projects/$1/downloads/;
root /usr/share/nginx/downloads;
}
But with this configuration not the uri is called, but the given string /projects/my_project/downloads/my_file.txt
Is there a simple way to pass the original uri to an auth_request?
Thank you in advance
django nginx authorization
django nginx authorization
asked Nov 21 at 11:32
Euklios
214
214
In your first example, did you try addinglocation /api/auth
and setproxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?
– dirkgroten
Nov 21 at 12:06
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30
add a comment |
In your first example, did you try addinglocation /api/auth
and setproxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?
– dirkgroten
Nov 21 at 12:06
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30
In your first example, did you try adding
location /api/auth
and set proxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?– dirkgroten
Nov 21 at 12:06
In your first example, did you try adding
location /api/auth
and set proxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?– dirkgroten
Nov 21 at 12:06
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411188%2fnginx-auth-request-using-original-uri%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
In your first example, did you try adding
location /api/auth
and setproxy_set_header X-Original-URI $request_uri;
? That would allow you to inspect that header in your code to check which resource is being accessed, no?– dirkgroten
Nov 21 at 12:06
@dirkgroten You're right, all I had to do was add X-Original-URI. Then I could access it from django. Thank you very much
– Euklios
Nov 21 at 13:30