2 Replies Latest reply: Dec 7, 2016 3:29 AM by Torben Seebach RSS

    NGiNX reverse proxy with Windows Authentication?

    Brad Artman

      I am new to the forum so please bear with me.

       

      We are attempting to use nginx as our reverse proxy while using windows authentication.  When I use windows auth, I am presented with the normal pop up box for authentication.  When I enter my credentails I am not presented/redirected to the /hub/ page.  It just sits on a blank screen with what appears to be the windows auth URL (on port 4248).  When we switch it to form based, the reverse proxy config works perfectly.

       

      Can anyone take a look at my config and let me know if I'm missing something?  Either on the Qlik side or the nginx side?

       

      As a side question - is there a way with form based auth that we don't have to enter in the domain as part of the username?  Can it be "cached"

       

      Here is my current nginx config

       

      server {

              listen 443 ssl;

              server_name qlik.outside;

              ssl_certificate /etc/ssl/blah.crt;

              ssl_certificate_key /etc/ssl/blah.key;

       

       

        location / {

        proxy_pass  https://qlik.internal;

        proxy_http_version  1.1;

                  proxy_set_header Host $http_host;

                  proxy_set_header Upgrade $http_upgrade;

                  proxy_set_header Connection "upgrade";

                  proxy_read_timeout  60m;

       

       

                  proxy_redirect $scheme://$host:4244/form/ $scheme://$http_host/form/;

                  proxy_redirect $scheme://$host:4244/windows_authentication/ $scheme://$http_host/windows_authentication/;

       

       

              }

       

       

              location /form/ {

                  proxy_pass https://qlik.internal:4244/form/;

                  proxy_http_version 1.1;

                  proxy_set_header Host $http_host;

                  proxy_set_header Upgrade $http_upgrade;

                  proxy_set_header Connection "upgrade";

                  proxy_read_timeout 60m;

       

       

        }

       

       

              location /windows_authentication/ {

       

       

                  proxy_pass https://qlik.internal:4244/windows_authentication/;

                  proxy_http_version 1.1;

                  proxy_set_header Host $http_host;

                  proxy_set_header Upgrade $http_upgrade;

                  proxy_set_header Connection "upgrade";

        proxy_read_timeout 60m;

       

       

        }

      }

       

       

      Am I missing something obvious?  Again, it's like after a successful (or even not successful) authentication, the token is never passed back to the qlik server or the qlik server never responds.