Hello, I have nginx up and running. But i have one problem.
My scenario is this, A user access my nginx server and has to provide a login/password and is then redirected to another (local) server that requires a login/password.
The setup is intended to password protect a tvheadend stream.
I got this all working fine a few months ago, but today when i try to add a new user it will not work. And i can't figure out why.
The client is meant to access all this via vlc, and when the new client tries to connect he first needs to manually enter password for the "restricted" realm and then the tvheadend realm, then it loops back to the restricted realm again, then tvheadend. And so on...
For all other users this is automated and works fine.
Here are my config files.
nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
limit_conn_zone $remote_user zone=peruser:10m;
include /home/nginx/my.conf;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
.
.
.
my.conf
###
server {
listen 1234; # <------ THIS WILL BE THE PORT WHERE THE USER WILL CONNECT TO
server_name my-ip.com; # <------ Ensure you put your REAL (public IP) here or I put here my Ubuntu LAN IP
error_page 403 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location = /User1{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User1; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic LU0FEamhmbmIddzNMKkJSUjMjM0Ym5mYsdnNtZGY1=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /User2 {
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User2; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic pzamjJicvxcv/CpDdrZsadsadkpqZmpmNzc2=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /User3{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User3; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic NzYzNoSNrmszJcKkVnamdEdGRmYnZ=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /NewUser{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/NewUser; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic sdJwwJKadGVm=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nginx_status {
stub_status on;
access_log on;
allow 192.168.1.0/32;
deny all;
}
}
That last NewUser will not work, i will be an endlass login/password loop.
In the logfile error.log
2015/03/20 10:50:09 [error] 3557#0: *1 no user/password was provided for basic authentication, client: 192.168.1.1, server: my-ip.com, request: "GET /NewUser HTTP/1.1", host: "my-ip.com:1234"
2015/03/20 10:50:25 [error] 3557#0: *1 user "NewUser ": password mismatch, client: 192.168.1.1, server: my-ip.com, request: "GET /NewUser HTTP/1.1", host: "my-ip.com:1234"
The obvious answer would be that is enter the wrong password, but i have tried to change it a few times without luck.
The proxy_set_header Authorization is encoded with https://www.base64encode.org/
The clients is supposed to connect with this in vlc:
http://user:pass@my-ip.com:1234
where user is "NewUser" and pass is the one i enter manually here (sudo htpasswd -cm /home/nginx/NewUser NewUser)
If you see any errors in the config file or anythin else, please tell me=)
Cheers!
/L
My scenario is this, A user access my nginx server and has to provide a login/password and is then redirected to another (local) server that requires a login/password.
The setup is intended to password protect a tvheadend stream.
I got this all working fine a few months ago, but today when i try to add a new user it will not work. And i can't figure out why.
The client is meant to access all this via vlc, and when the new client tries to connect he first needs to manually enter password for the "restricted" realm and then the tvheadend realm, then it loops back to the restricted realm again, then tvheadend. And so on...
For all other users this is automated and works fine.
Here are my config files.
nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
limit_conn_zone $remote_user zone=peruser:10m;
include /home/nginx/my.conf;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
.
.
.
my.conf
###
server {
listen 1234; # <------ THIS WILL BE THE PORT WHERE THE USER WILL CONNECT TO
server_name my-ip.com; # <------ Ensure you put your REAL (public IP) here or I put here my Ubuntu LAN IP
error_page 403 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location = /User1{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User1; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic LU0FEamhmbmIddzNMKkJSUjMjM0Ym5mYsdnNtZGY1=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /User2 {
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User2; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic pzamjJicvxcv/CpDdrZsadsadkpqZmpmNzc2=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /User3{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/User3; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic NzYzNoSNrmszJcKkVnamdEdGRmYnZ=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /NewUser{
auth_basic "Restricted";
auth_basic_user_file /home/nginx/NewUser; # <--------- this file needs to be manualy created (sudo htpasswd -cm /home/nginx/User User)
limit_conn peruser 1;
proxy_pass http://192.168.1.32:9981/stream/channelid/128;
proxy_set_header Authorization "Basic sdJwwJKadGVm=";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nginx_status {
stub_status on;
access_log on;
allow 192.168.1.0/32;
deny all;
}
}
That last NewUser will not work, i will be an endlass login/password loop.
In the logfile error.log
2015/03/20 10:50:09 [error] 3557#0: *1 no user/password was provided for basic authentication, client: 192.168.1.1, server: my-ip.com, request: "GET /NewUser HTTP/1.1", host: "my-ip.com:1234"
2015/03/20 10:50:25 [error] 3557#0: *1 user "NewUser ": password mismatch, client: 192.168.1.1, server: my-ip.com, request: "GET /NewUser HTTP/1.1", host: "my-ip.com:1234"
The obvious answer would be that is enter the wrong password, but i have tried to change it a few times without luck.
The proxy_set_header Authorization is encoded with https://www.base64encode.org/
The clients is supposed to connect with this in vlc:
http://user:pass@my-ip.com:1234
where user is "NewUser" and pass is the one i enter manually here (sudo htpasswd -cm /home/nginx/NewUser NewUser)
If you see any errors in the config file or anythin else, please tell me=)
Cheers!
/L