NGiNX reverse proxy with Windows Authentication?

Mon, 27 Jun 2016 12:27:21 GMT

I am new to the forum so please bear with me.

We are attempting to use nginx as our reverse proxy while using windows authentication. When I use windows auth, I am presented with the normal pop up box for authentication. When I enter my credentails I am not presented/redirected to the /hub/ page. It just sits on a blank screen with what appears to be the windows auth URL (on port 4248). When we switch it to form based, the reverse proxy config works perfectly.

Can anyone take a look at my config and let me know if I'm missing something? Either on the Qlik side or the nginx side?

As a side question - is there a way with form based auth that we don't have to enter in the domain as part of the username? Can it be "cached"

Here is my current nginx config

server {

listen 443 ssl;

server_name qlik.outside;

ssl_certificate /etc/ssl/blah.crt;

ssl_certificate_key /etc/ssl/blah.key;

location / {

proxy_pass https://qlik.internal;

proxy_http_version 1.1;

proxy_set_header Host $http_host;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_read_timeout 60m;

proxy_redirect $scheme://$host:4244/form/ $scheme://$http_host/form/;

proxy_redirect $scheme://$host:4244/windows_authentication/ $scheme://$http_host/windows_authentication/;

}

location /form/ {

proxy_pass https://qlik.internal:4244/form/;

proxy_http_version 1.1;

proxy_set_header Host $http_host;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_read_timeout 60m;

}

location /windows_authentication/ {

proxy_pass https://qlik.internal:4244/windows_authentication/;

proxy_http_version 1.1;

proxy_set_header Host $http_host;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_read_timeout 60m;

}

Am I missing something obvious? Again, it's like after a successful (or even not successful) authentication, the token is never passed back to the qlik server or the qlik server never responds.

Re: NGiNX reverse proxy with Windows Authentication?

undergrinder — Tue, 12 Jul 2016 13:29:51 GMT

Hi Brad,

This thread will help you: Re: Reverse Proxy and Authentication port redirect

What kind of HTTP code did you get at blank screen?

Re: NGiNX reverse proxy with Windows Authentication?

tseebach — Wed, 07 Dec 2016 08:29:16 GMT

Hi Brad,

In the thread that Gabor links to, I'm suggesting to use /form instead of /windows_authentication which means that I do not need to pass through NTLM credentials. The free version of nginx does not support NTML, for that you will need to paid version.

I hope this helps.

Re: NGiNX reverse proxy with Windows Authentication?

Anonymous — Sun, 13 May 2018 12:34:06 GMT

Hi Torben,

Is this situation still remains or Nginx now supports NTML?

Best Regards.

Re: NGiNX reverse proxy with Windows Authentication?

korsikov — Mon, 13 Apr 2020 06:21:25 GMT

yeap. but only in commercial version.

topic Re: NGiNX reverse proxy with Windows Authentication? in Management & Governance

NGiNX reverse proxy with Windows Authentication?

Re: NGiNX reverse proxy with Windows Authentication?

Re: NGiNX reverse proxy with Windows Authentication?

Re: NGiNX reverse proxy with Windows Authentication?

Re: NGiNX reverse proxy with Windows Authentication?