Nginx Reverse Proxy DO NOT PASS Authorization

I set up nginx asking for basic auth for some IP blocks, here is the post: Nginx 特定 IP 需要认证.

But for some products, they read Authorization header to identify client as users. If so, these two different auth would be mixed and the backend application works bad.

To solve this, add this line to proxy:

Nginx Reverse Proxy DO NOT PASS Authorization by @sskaje: https://sskaje.me/2017/01/nginx-reverse-proxy-pass-authorization/

Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL

It’s easy to set up a reverse proxy forwarding requests to Atlassian’s products.

If you look up posts on Atlassian’s official confluence, you’ll get something correct but confusing.

Here is my nginx configuration, for all products except Confluence:

I have haproxy in front of Nginx, if you don’t, let nginx listens to 0.0.0.0:443 and 0.0.0.0:80.

And, for built-in tomcat, make sure you have following lines in server.xml:

So bitbucket’s server.xml looks like

All other fields are all default values.

For Confluences, there’s something really stupid: ‘synchrony’.
According to official confluence, add lines below to nginx:

Other wise you’ll get function corrupted.

Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL by @sskaje: https://sskaje.me/2017/01/running-atlassian-confluencebamboobitbucket-nginx-ssl/

Nginx 特定 IP 需要认证

文档: satisfy

参数 all 表示,所有条件都得满足;
参数 any 表示,任一条件满足即可。

所包含的条件包括 ngx_http_access_module, ngx_http_auth_basic_module, ngx_http_auth_request_module, 和 ngx_http_auth_jwt_module 这4个模块。

上述配置还处理了认证失败的跳转。

这个配置可以保存成独立的 .conf 文件,在 server {}include

Nginx 特定 IP 需要认证 by @sskaje: https://sskaje.me/2017/01/nginx-requires-auth-for-some-certain-ip/

SoftEther between VPS and UBNT EdgeRouter

This is a placeholder. And, this article won’t be public.

You are not authorised to read all content in this post.

Please login…

SoftEther between VPS and UBNT EdgeRouter by @sskaje: https://sskaje.me/2017/01/softether-vps-ubnt-edgerouter/