Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in NYC Sept 4th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-06-27 08:27 AM

NGiNX reverse proxy with Windows Authentication?

I am new to the forum so please bear with me.

We are attempting to use nginx as our reverse proxy while using windows authentication.  When I use windows auth, I am presented with the normal pop up box for authentication.  When I enter my credentails I am not presented/redirected to the /hub/ page.  It just sits on a blank screen with what appears to be the windows auth URL (on port 4248).  When we switch it to form based, the reverse proxy config works perfectly.

Can anyone take a look at my config and let me know if I'm missing something?  Either on the Qlik side or the nginx side?

As a side question - is there a way with form based auth that we don't have to enter in the domain as part of the username?  Can it be "cached"

Here is my current nginx config

server {

        listen 443 ssl;

        server_name qlik.outside;

        ssl_certificate /etc/ssl/blah.crt;

        ssl_certificate_key /etc/ssl/blah.key;

  location / {

  proxy_pass  https://qlik.internal;

  proxy_http_version  1.1;

            proxy_set_header Host $http_host;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_read_timeout  60m;

            proxy_redirect $scheme://$host:4244/form/ $scheme://$http_host/form/;

            proxy_redirect $scheme://$host:4244/windows_authentication/ $scheme://$http_host/windows_authentication/;

        }

        location /form/ {

            proxy_pass https://qlik.internal:4244/form/;

            proxy_http_version 1.1;

            proxy_set_header Host $http_host;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_read_timeout 60m;

  }

        location /windows_authentication/ {

            proxy_pass https://qlik.internal:4244/windows_authentication/;

            proxy_http_version 1.1;

            proxy_set_header Host $http_host;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

  proxy_read_timeout 60m;

  }

}

Am I missing something obvious?  Again, it's like after a successful (or even not successful) authentication, the token is never passed back to the qlik server or the qlik server never responds.

16,737 Views
0 Likes
4 Replies
undergrinder
Specialist II
Specialist II
‎2016-07-12 09:29 AM

Hi Brad,

This thread will help you: Re: Reverse Proxy and Authentication port redirect

What kind of HTTP code did you get at blank screen?

G.

11,558 Views
0 Likes
tseebach
Partner - Creator III
Partner - Creator III
‎2016-12-07 03:29 AM

Hi Brad,

In the thread that Gabor links to, I'm suggesting to use /form instead of /windows_authentication which means that I do not need to pass through NTLM credentials. The free version of nginx does not support NTML, for that you will need to paid version.

I hope this helps.

11,558 Views
0 Likes
Anonymous
Not applicable
‎2018-05-13 08:34 AM
Author

In response to tseebach

Hi Torben,

Is this situation still remains or Nginx now supports NTML?

Best Regards.

11,558 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2020-04-13 02:21 AM

In response to Anonymous

yeap. but only in commercial version.

7,703 Views
0 Likes