Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I am new to the forum so please bear with me.
We are attempting to use nginx as our reverse proxy while using windows authentication. When I use windows auth, I am presented with the normal pop up box for authentication. When I enter my credentails I am not presented/redirected to the /hub/ page. It just sits on a blank screen with what appears to be the windows auth URL (on port 4248). When we switch it to form based, the reverse proxy config works perfectly.
Can anyone take a look at my config and let me know if I'm missing something? Either on the Qlik side or the nginx side?
As a side question - is there a way with form based auth that we don't have to enter in the domain as part of the username? Can it be "cached"
Here is my current nginx config
server {
listen 443 ssl;
server_name qlik.outside;
ssl_certificate /etc/ssl/blah.crt;
ssl_certificate_key /etc/ssl/blah.key;
location / {
proxy_pass https://qlik.internal;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60m;
proxy_redirect $scheme://$host:4244/form/ $scheme://$http_host/form/;
proxy_redirect $scheme://$host:4244/windows_authentication/ $scheme://$http_host/windows_authentication/;
}
location /form/ {
proxy_pass https://qlik.internal:4244/form/;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60m;
}
location /windows_authentication/ {
proxy_pass https://qlik.internal:4244/windows_authentication/;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60m;
}
}
Am I missing something obvious? Again, it's like after a successful (or even not successful) authentication, the token is never passed back to the qlik server or the qlik server never responds.
Hi Brad,
This thread will help you: Re: Reverse Proxy and Authentication port redirect
What kind of HTTP code did you get at blank screen?
G.
Hi Brad,
In the thread that Gabor links to, I'm suggesting to use /form instead of /windows_authentication which means that I do not need to pass through NTLM credentials. The free version of nginx does not support NTML, for that you will need to paid version.
I hope this helps.
Hi Torben,
Is this situation still remains or Nginx now supports NTML?
Best Regards.
yeap. but only in commercial version.