Hi,
I'm using HTTP basic auth in Nginx (over HTTPS), and it works well for other parts of my app, but not for Centrifugo. Before I can open the Centrifugo admin page I have to enter the login/password for my domain (nginx basic auth):
Then I go to the Centrifugo login page and see the login form. After I log in to the admin panel, nginx opens a new basic-auth prompt (although I have already authenticated). I also see an error in the browser console:
/centrifugo/admin/auth:1 Failed to load resource: the server responded with a status of 400 (Bad Request)
Nginx asks for the password again and again. This happens only for Centrifugo. I also tried enabling insecure_admin in config.json, but it does not help.
$ centrifugo version
Centrifugo v2.0.1 (Go version: go1.11.1)
config.json:
{
"name": "server1",
"secret": "******",
"address": "",
"port": 8001,
"engine": "memory",
"history_size": "0",
"history_lifetime": "0",
"history_drop_inactive": true,
"debug": false,
"web": true,
"admin": true,
"admin_password": "admin",
"admin_secret": "******",
"insecure_admin": true
}
nginx config:
# Plain-HTTP listener for node1.site.com on IPv4 and IPv6. It serves no
# content: every request gets a permanent (301) redirect to the same host and
# URI over HTTPS.
server {
listen 80;
listen [::]:80;
server_name node1.site.com;
return 301 https://$host$request_uri;
}
# Derives $connection_upgrade from the client's Upgrade request header:
# "upgrade" when the header has a value, "close" when it is empty. The
# /centrifugo/socket location sends it upstream as the Connection header.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
# HTTPS listener (IPv4 and IPv6) for node1.site.com; static files come from
# the document root below.
listen 443 ssl;
listen [::]:443 ssl;
server_name node1.site.com;
root /var/www/node1.site.com/www/;
index index.html index.php;
# SSL certificate
ssl_certificate /etc/letsencrypt/live/node1.site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/node1.site.com/privkey.pem;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Prefer TLSv1.2
# only, plus TLSv1.3 where the nginx/OpenSSL build supports it.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# NOTE(review): every suite in this list uses static RSA key exchange, so no
# connection gets forward secrecy. RC4 is prohibited for TLS (RFC 7465), and
# 3DES (DES-CBC3-SHA) and MD5-based suites are also considered broken or weak.
# Prefer ECDHE suites with AEAD ciphers, e.g. ECDHE-RSA-AES128-GCM-SHA256.
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
# DH parameters apply only to DHE suites; the cipher list above contains none.
ssl_dhparam /var/www/ssl/ca/dhparam4096.pem;
# Server-side session cache shared between workers; session tickets disabled.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# SSL OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /var/www/ssl/ca/letsencrypt.pem;
# DNS resolvers nginx uses for its own name lookups (e.g. the OCSP responder);
# answers are cached for 300 seconds.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# SSL Strict-Transport-Security
# "always" adds the header to error responses too; includeSubDomains and
# preload extend the HTTPS-only policy to every subdomain of this host.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Basic auth system
# Declared at server level, so every location below that does not set its own
# auth_basic inherits it, including both /centrifugo/ locations.
# NOTE(review): basic auth is carried in the Authorization request header, and
# a request can hold only one value for it. A proxied application that puts
# its own token in Authorization would replace the basic credentials, and
# nginx would answer 401 and prompt again. Presumably this is what the
# Centrifugo admin panel triggers; confirm against its requests.
auth_basic "Restricted";
# NOTE(review): this file sits inside the document root set above, so the
# "location /" try_files rule can serve /.htpasswd (password hashes) to any
# authenticated user. Keep the file outside the web root.
auth_basic_user_file /var/www/node1.site.com/www/.htpasswd;
# Static site: try the requested path as a file, then as a directory, then
# /index.html; if none of them exists, answer 404.
location / {
try_files $uri $uri/ /index.html =404;
}
# Reverse proxy for Centrifugo HTTP endpoints: strips the /centrifugo/ prefix
# and forwards the request to the local server on 127.0.0.1:8001 over plain HTTP.
location /centrifugo/ {
# NOTE(review): "allow" with no matching "deny" in the visible config restricts
# nothing, because nginx admits every address by default. If loopback-only
# access is intended, follow it with "deny all;"; confirm the intent first.
allow 127.0.0.1;
rewrite ^/centrifugo/(.*) /$1 break;
# Passes the upstream's Server response header through to the client, which
# nginx would otherwise drop; this reveals the backend's server identification.
proxy_pass_header Server;
# The Host header is forwarded exactly as the client supplied it.
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
# NOTE(review): nginx forwards the client's request headers to the upstream
# unless they are overridden here, so the basic-auth Authorization header also
# reaches port 8001. Whether that causes the 400 on /admin/auth is not visible
# from this config.
proxy_pass http://127.0.0.1:8001;
}
# WebSocket proxy for Centrifugo connections: strips the /centrifugo prefix and
# forwards to 127.0.0.1:8001 with the HTTP/1.1 Upgrade handshake headers set.
location /centrifugo/socket {
# NOTE(review): "allow" with no matching "deny" in the visible config restricts
# nothing, because nginx admits every address by default; confirm the intent.
allow 127.0.0.1;
rewrite ^/centrifugo(.*) $1 break;
proxy_next_upstream error;
# Responses are relayed to the client as they arrive rather than buffered.
proxy_buffering off;
keepalive_timeout 65;
proxy_pass http://127.0.0.1:8001;
# A proxied connection is closed if the upstream sends nothing for 60 seconds.
proxy_read_timeout 60s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
# The Upgrade mechanism needs HTTP/1.1 and explicit Upgrade/Connection headers,
# because nginx does not pass these hop-by-hop headers to the upstream itself.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
...
Thanks