I’m running Kobo behind Nginx as. a reverse proxy. All is working, but I want to protect the API with Basic Authentication - so I enabled nginx Basic auth using this:
The issue is that the basic Authorization header is proxied to Kobo. No big deal, I remove the header using:
proxy_set_header Authorization "";
Now though - I get a weird situation. Whenever I navigate to ANY kobo page, I get Status 204 No-Content. Am I missing something obvious here? Could this in any way be a problem with Kobo?
Thank you for any suggestions, I’ve been staring at this for far too long and just wanted a second set of eyes.
It was just a silly config on my end. I had some proxy_set_header references in my server block, and I was setting the Authorization header in my location block. So I think that was incorrect. I moved all the proxy_set_header items to the server block and it started working. Here is my working config:
events {}
http {
client_max_body_size 100M;
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status "$http_referer" '
'"$http_host" "$http_authorization"';
# generated 2020-07-17, Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.4
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
include ssl.conf;
}
# map the $authorization property to $http_authorization if
# remote user is not our custom user
map $remote_user $authorization {
default $http_authorization;
"nginx-basic-external-user" "";
}
# kobo toolbox
server {
server_name
kf.domain.com
kc.domain.com;
include ssl.conf;
include proxy_pass.conf;
# replace authorization header with empty
proxy_set_header Authorization $authorization;
access_log /var/log/nginx/kobo.access.log compression;
location / {
proxy_pass http://{{ kobo_frontend_ip }}:8080;
}
}
server {
server_name ee.domain.com;
include ssl.conf;
include proxy_pass.conf;
# replace authorization header
proxy_set_header Authorization $authorization;
satisfy any;
allow 127.0.0.1; # localhost
allow x.x.x.x; # NAT gateway
allow 10.0.1.0/24; # local traffic
deny all;
auth_basic "Authenticated Users";
auth_basic_user_file htpasswd;
access_log /var/log/nginx/ee.access.log compression;
location / {
proxy_pass http://{{ kobo_frontend_ip }}:8080;
}
}
}
with regards to the allow,deny comment - see here: