Comments (9)
hjone72
commented on August 23, 2024
Hi,
Can you include more of your location block please?
Here is a snippet from mine that is working how you desire:
location /htpc {
auth_request "off";
proxy_pass https://127.0.0.1:8085;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Can you please confirm that you restarted nginx after making the config change?
Thanks,
from plexauth.
pablolop002
commented on August 23, 2024
My location block is:
location /RPC2 {
auth_request "off";
include scgi_params;
scgi_pass localhost:5000;
scgi_param SCRIPT_NAME /RPC2;
auth_basic "Restricted";
auth_basic_user_file /path/to/.htpasswd;
}
Without auth_basic it works, but I need to secure the location.
Thanks for your response.
from plexauth.
hjone72
commented on August 23, 2024
I've been able to recreate your issue. I'm looking to see if I can find a solution for you, but this may be a restriction with nginx or the auth_request module. For now, a quick solution would be to only include auth_request in the location blocks you want to protect with PlexAuth instead of having it in the main server block.
Here is an example (Note: this config is not complete and will not work):
server {
auth_request /auth/; #Remove this line.
error_page 401 = @error401;
location @error401 {
add_header 'X-AfterAuth' 'test';
add_header X-Original-URI $request_uri;
if ($return != false) {
rewrite ^ https://secure.domain.com?return=$return_host$return redirect;
}
return 302 https://secure.domain.com;
}
location /nzbget {
###############
auth_request /auth/; #Put it in each location block instead.
###############
proxy_pass http://127.0.0.1:6789;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Hope this quick fix will help you out until a permanent solution can be found...
from plexauth.
pablolop002
commented on August 23, 2024
I've been able to recreate your issue. I'm looking to see if I can find a solution for you, but this may be a restriction with nginx or the auth_request module.
Thanks you about this.
For now, a quick solution would be to only include auth_request in the location blocks you want to protect with PlexAuth instead of having it in the main server block.
About this solution, I don't have auth_request in the main server block. This is my server block config:
server {
listen 80;
server_name domain.com;
error_log /var/log/nginx/www.error.log info;
access_log /var/log/nginx/www.access.log;
root /usr/share/nginx/html/plexauth;
index index.php;
set $return $request_uri;
set $return_host $host;
error_page 401 = @error401;
location @error401 {
add_header 'X-AfterAuth' 'test';
add_header X-Original-URI $request_uri;
if ($return != false) {
rewrite ^ http://domain.com?return=$return_host$return redirect;
}
return 302 http://domain.com;
}
error_page 403 = @error403;
location @error403 {
return 302 http://domain.com/ad.html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
}
location /admin_auth/ {
proxy_pass http://localhost:8087/auth/index.php?admin=true&uri=$return;
proxy_pass_request_body off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length '0';
}
location /auth/ {
proxy_pass http://localhost:8087/auth/;
proxy_pass_request_body off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length '0';
}
location /content {
auth_request /auth/;
root /var/www/html/index.html;
}
location /admin_content {
auth_request /admin_auth/;
root /var/www/html/index.html;
}
location /RPC2 {
auth_request "off";
include scgi_params;
scgi_pass 127.0.0.1:5000;
scgi_param SCRIPT_NAME /RPC2;
}
}
And the localhost server block:
server {
server_name = localhost;
listen 8087;
error_log /var/log/nginx-auth-error.log info;
root /usr/share/nginx/html/plexauth;
index index.php index.html;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
}
}
Again, thanks you so much.
from plexauth.
hjone72
commented on August 23, 2024
Can you please try adding satisfy any; to the RPC2 location block?
location /RPC2 {
satisfy any;
auth_basic "Restricted";
auth_basic_user_file /path/to/file;
auth_request "off";
include scgi_params;
scgi_pass 127.0.0.1:5000;
scgi_param SCRIPT_NAME /RPC2;
}
from plexauth.
pablolop002
commented on August 23, 2024
Can you please try adding satisfy any; to the RPC2 location block?
location /RPC2 { satisfy any; auth_basic "Restricted"; auth_basic_user_file /path/to/file; auth_request "off"; include scgi_params; scgi_pass 127.0.0.1:5000; scgi_param SCRIPT_NAME /RPC2; }
This does not work :(
from plexauth.
hjone72
commented on August 23, 2024
Okay, so I found the issue.
It seems to be a problem with error_page 401 = @error401;
If you comment that line out the config will work as you are expecting. However will not redirect unauthenticated users to the login screen for other situations. You may need to make some modifications for your specific setup for this to work as desired.
Just working out how you might go about this.
from plexauth.
hjone72
commented on August 23, 2024
My suggestion would be to change PlexAuth to return a code other than 401. Then within nginx capture that code. I don't think there will be any other options with this one...
from plexauth.
pablolop002
commented on August 23, 2024
I solve this with a 302 redirect and a subdomain.
from plexauth.
Related Issues (17)
- Trouble since the introduction of the "RememberMe by gbirke" requirement HOT 2
- 1 time authentication for iDashboard HOT 26
- Any possibility for apache support? HOT 1
- 500 Internal Server Error HOT 8
- Plexpy HOT 2
- Auth to another web server? HOT 3
- PlexPy SSO Fork - Error 500 HOT 1
- Wiki Please HOT 4
- ComicStreamer Admin permissions HOT 6
- Endless redirect issue (inside docker) HOT 5
- Incorrect username and password error. HOT 7
- Do the same for Emby? HOT 1
- How does PlexAuth work with other software? HOT 2
- Feature Request: Seperate plex auth module for nginx HOT 8
- More WebServer HOT 1
- Allow only certain users to auth
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from plexauth.