1

Hi, I'm running Laravel on an NGINX server and I would like to use NGINX's reverse proxy capability as an API gateway for my Laravel and other Node API applications. Here are my configurations:

Application URL: staging-app.example.com
Application API Endpoint: staging-app.example.com/api
API Gateway URL: api.example.com

What I want to do is redirect all API requests from api.example.com/staging-app to staging-app.example.com/api. I have succeeded in redirecting the API request, but somehow the Authorization header is not passed along to the proxy pass, resulting in 401 Unauthorized, while other headers do get passed along.

Here is my current api.example.com nginx config:

    server {
        server_name api.example.com;

        location /staging-app {
            rewrite ^/staging-app/(.*)$ /$1 break;
            proxy_pass http://staging-app.example.com/;
        }

        location /test {
            rewrite ^/test/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3333/;
        }

        listen [::]:443 ssl; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = api.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        listen [::]:80;
        server_name api.example.com;
        return 404; # managed by Certbot
    }

And for my Laravel application, I use the configuration given by Laravel themselves.

Update 1: I tried adding proxy_set_header Test testingvalue in the location block directly, but it doesn't seem to work either.

9
  • Nothing should prevent nginx from passing the Authorization header to your upstream. However, you are not passing your request to the /api endpoint; to do it, use location /staging-app { proxy_pass http://staging-app.example.com/api; } instead. Actually, no rewrite rules are required for your configuration to strip the URI prefix at all; check this SO thread to find out why. Commented Jun 2, 2022 at 13:54
  • I have installed Telescope, which allows me to see incoming requests. The request arrives successfully with the correct endpoint, but it's missing the Authorization header. When I try adding another header such as authorizationzz, it gets passed through. Commented Jun 5, 2022 at 3:19
  • To check what exactly appears at the backend, I'm using a debug script with content like the following one; it shows the Authorization header is passing correctly, so I think it is Laravel that is in charge of its disappearing. Commented Jun 7, 2022 at 19:20
  • @IvanShatsky I have tried running a node.js server and assigning it a subdomain. When I proxy_pass to the IP (127.0.0.1:3333) the header went through, but when I use the subdomain, it disappears. Commented Jun 9, 2022 at 2:33
  • 1
    An Authorization header can be lost if you are 1) requesting auth and passing the Authorization header using different protocols (HTTP/HTTPS); 2) receiving a redirect (see related Stack Overflow threads: 1, 2); 3) dealing with the CORS OPTIONS request (see related Stack Overflow thread). Commented Jun 9, 2022 at 13:21

2 Answers

0

Try adding the following to your config for the server listening on port 443:

    proxy_http_version 1.1;
    proxy_set_header "Connection" "";

This will make the connection from master and agents persistent, which is needed for authentication in some setups.

config doc

nginx keep-alive doc

4
  • Nope the Authorization header still won't get through. I tried adding the proxy_set_header Test testingvalue in the location block directly, but somehow the value isn't added to the request. Commented Jun 5, 2022 at 3:24
  • Not passing headers is really weird. It probably requires further investigation. Try adding the first four configs from link: nginx.com/resources/wiki/start/topics/examples/full/#proxy-conf Commented Jun 6, 2022 at 8:46
  • Still doesn't work @ofirule Commented Jun 9, 2022 at 2:40
  • It probably requires further investigation. I would recommend using tcpdump and/or Wireshark for investigating the traffic. Commented Jun 9, 2022 at 8:41
0

Have you tried this answer?

Add these entries to the location block:

    proxy_set_header Authorization $http_authorization;
    proxy_pass_header Authorization;
1
  • Nope, still didn't work. I even manually set $http_authorization with a hardcoded token. Still didn't go through. I have tried running a node.js server and assigning it a subdomain. When I proxy_pass to the IP (127.0.0.1:3333) the header went through, but when I use the subdomain, it disappears. Commented Jun 9, 2022 at 2:38
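
The causes listed in the comment under the question (protocol change, redirect, CORS OPTIONS request) and the debug-script approach can be checked with a header-echo backend plus a probe that does not follow redirects. This is an added example, not code from the thread; the names EchoHandler, start_echo_server and probe, the /moved path and the token value are constructed for illustration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


class EchoHandler(BaseHTTPRequestHandler):
    """Stand-in backend: echoes request headers as JSON; /moved answers with a 301."""

    def do_GET(self):
        if self.path.startswith("/moved"):
            # Constructed case: the backend redirects to HTTPS instead of serving.
            self.send_response(301)
            self.send_header("Location", "https://staging-app.example.com/api/user")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = json.dumps({k.lower(): v for k, v in self.headers.items()}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_echo_server():
    """Start the echo backend on a free localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


def probe(url, token):
    """GET an echo-backend URL with a Bearer token, never following redirects."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=5)
    conn.request("GET", parts.path or "/", headers={"Authorization": f"Bearer {token}"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if 300 <= resp.status < 400:  # a redirect: report its target, do not chase it
        return {"status": resp.status, "redirect_to": resp.getheader("Location"), "authorization_seen": None}
    seen = json.loads(body).get("authorization") if resp.status == 200 else None
    return {"status": resp.status, "redirect_to": None, "authorization_seen": seen}
```

With the echo backend placed behind proxy_pass, point probe at the gateway URL: a 3xx result with a redirect_to on another scheme or host corresponds to the redirect and protocol cases from the comment, while a 200 with authorization_seen set to None means the header was dropped before it reached the backend.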
