AnsweredAssumed Answered

Nginx Reverse Proxy with Kerberos SSO

Question asked by neilecker on Mar 5, 2019
Latest reply on May 5, 2019 by fedorow

Has anyone successfully implemented nginx as a reverse proxy for Alfresco with SSO enabled?  The below simplified configuration does work except for the SSO part so maybe I'm missing some header?   Attempting to access /share results in an authentication challenge when it should pass the kerberos ticket automatically.

 

The strange part is, if I have Fiddler open (which is a proxy itself) to have a look at the traffic, SSO does work.

 

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name devdocs.myserver.ca;

  ssl on;
  include snippets/myserver-ssl.conf;
  include snippets/myserver-ssl-params-tls1.conf;
 
  client_max_body_size 100M;

  access_log /var/log/nginx/devdocs.myserver.ca.access.log;
  error_log /var/log/nginx/devdocs.myserver.ca.error.log;

  location / {
    proxy_http_version 1.1;
    proxy_pass_request_headers on;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_pass http://10.10.100.220:8080/;
  }
}

 

I can use Apache (and I have an instance that is configured correctly for SSO to work) but we were hoping to standardize on nginx for our SSL offloading and proxying needs.

 

Thanks,

Neil

Outcomes