I have an nginx reverse proxy server which feeds into a varnish cache with an apache backend.
The php is running as a fastcgi process started from apache.
I was attempting to get some php software working however the basic HTTP Authentication dialog was not accepting any usernames or passwords. I did some digging around and came up with this to put in a .htaccess file:
RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
This has fixed the authentication issue with the basic HTTP auth.
Now I've been attempting to work out what exactly this has done, so my question is: why did adding this rewrite rule make the authentication start working?
All I could come up with at the moment is that somewhere along the chain of nginx -> varnish -> apache, apache was not recieving the auth headers. I would like to understand what is going on here so I can implement a change on the server level that will stop this from occuring elsewhere.
Can someone please clarify?
Thank you
Best Answer
Loosing track of HTTP Authentication seems to be not an issue of nginx or Varnish.
This rewrite rule is not for making authentication header fields accessible to Apache but to the Fast-CGI backend (assuming authentication should be recognized inside PHP).
Authentication headers are usually hidden from Fast-CGI. You can
either use this
RewriteRule
hack to set theREMOTE_USER
environment variable by hand;or the
mod_fastcgi
configuration variable to pass headers to Fast-CGI: