You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2010/05/19 09:09:28 UTC
[Couchdb Wiki] Trivial Update of "Nginx_As_a_Reverse_Proxy" by SebastianCohnen
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Nginx_As_a_Reverse_Proxy" page has been changed by SebastianCohnen.
The comment on this change is: added first level heading; added TOC; minor format fix.
http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy?action=diff&rev1=6&rev2=7
--------------------------------------------------
+ = nginx as a Reverse Proxy =
+ <<TableOfContents()>>
+
Nginx can serve as a reverse proxy to CouchDB for scenarios such as URL rewriting, load-balancing, access restriction, etc.
Here's a basic excerpt from an nginx config file in <nginx config directory>/sites-available/default. This will proxy all requests from http://domain.com/... to http://localhost:5984/...
{{{
location / {
- proxy_pass http://localhost:5984;
+ proxy_pass http://localhost:5984;
- proxy_redirect off;
+ proxy_redirect off;
- proxy_buffering off;
+ proxy_buffering off;
- proxy_set_header Host $host;
+ proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
+ }
}}}
@@ -21, +24 @@
{{{
location /couchdb {
- rewrite /couchdb/(.*) /$1 break;
+ rewrite /couchdb/(.*) /$1 break;
- proxy_pass http://localhost:5984;
+ proxy_pass http://localhost:5984;
- proxy_redirect off;
+ proxy_redirect off;
- proxy_set_header Host $host;
+ proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
+ }
}}}
=== Known Test Suite issue with reverse proxy from subdirectory URL ===
@@ -37, +40 @@
Here's a sample config setting with basic authentication enabled:
{{{
- location /couchdb {
+ location /couchdb {
- auth_basic "Restricted";
+ auth_basic "Restricted";
- auth_basic_user_file htpasswd;
+ auth_basic_user_file htpasswd;
- rewrite /couchdb/(.*) /$1 break;
+ rewrite /couchdb/(.*) /$1 break;
- proxy_pass http://localhost:5984;
+ proxy_pass http://localhost:5984;
- proxy_redirect off;
+ proxy_redirect off;
- proxy_set_header Host $host;
+ proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
+ }
}}}
=== Issues with reverse proxy authentication ===
Enabling basic authentication in Nginx will pass the HTTP authentication header to CouchDB, invoking its authentication handler as well. This configuration causes the Nginx basic authentication prompt to appear in the browser, followed by a second authentication prompt from Couchdb, even if CouchDB authentication is not enabled.
- You can either use the same username and password combinations for both Nginx and CouchDb, or set CouchDB to use the null_authentication_handler.
+ You can either use the same username and password combinations for both Nginx and CouchDb, or set CouchDB to use the null_authentication_handler. In the local.ini file:
+ {{{
-
- {{{ In the local.ini file...
[httpd]
authentication_handler = {couch_httpd, null_authentication_handler}
}}}
@@ -65, +67 @@
Note 2: While "proxy_hide_header" does not work, setting the header Authorization to "" seems to work.
{{{
- location / {
+ location / {
- auth_basic "CouchDB Admin";
+ auth_basic "CouchDB Admin";
auth_basic_user_file /etc/nginx/passwd;
proxy_pass http://localhost:5984;
proxy_redirect off;
@@ -74, +76 @@
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "";
- }
+ }
}}}