0 Replies Latest reply: Jul 12, 2016 9:51 AM by Gabor Tarnoczai RSS

    nginx + Windows authentication is very slow

    Gabor Tarnoczai

      Hi all,

       

      Qlik Sense 2.2.4 has been installed with nginx reverse proxy and Windows authentication.

      It works well, but the problem is the authentication part is very slow (it takes minutes), afterwards everything works well.

       

      Do you have any suggestion, what can I do in order to decrease the time of the authentication?

       

      Thank you!

       

      The nginx config file is below  (based on : Re: Reverse Proxy and Authentication port redirect).

      #user  nobody;

      worker_processes  1;

       

       

      #error_log  logs/error.log;

      #error_log  logs/error.log  notice;

      #error_log  logs/error.log  info;

       

       

      pid        temp/nginx.pid;

       

       

       

       

      events {

          worker_connections  1024;

      }

       

       

       

       

      http {

      include       mime.types;

          default_type  application/octet-stream;

       

       

          log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                            '$status $body_bytes_sent "$http_referer" '

                            '"$http_user_agent" "$http_x_forwarded_for"';

       

       

          #access_log  logs/access.log  main;

       

       

          sendfile        on;

          #tcp_nopush     on;

       

       

          #keepalive_timeout  0;

          keepalive_timeout  65;

       

       

          client_max_body_size 55m;

       

       

          #gzip  on;

       

       

        scgi_temp_path  temp/uwsgi_temp 1 2;

        uwsgi_temp_path  temp/uwsgi_temp 1 2;

       

       

        fastcgi_connect_timeout 1;

       

       

       

       

          gzip  on;

       

          map $http_upgrade $connection_upgrade {

              default upgrade;

              ''      close;

        }

       

       

       

       

       

       

       

      server {

       

       

          listen   8080;

       

       

           rewrite_log on;

       

       

       

       

       

       

       

       

          server_name     localhost;

       

       

              location / {

       

       

                  proxy_pass  http://win-7ov072jufar:48088;

       

       

                  proxy_http_version  1.1;

       

       

                  proxy_set_header Upgrade $http_upgrade;

       

       

                  proxy_set_header Connection "upgrade";

       

       

                  proxy_set_header Host $http_host;

       

       

                  proxy_redirect $scheme://$host:4248/form/ $scheme://$http_host/form/;

       

       

                  proxy_redirect $scheme://$host:4248/windows_authentication/ $scheme://$http_host/windows_authentication/;

       

       

       

       

       

       

       

       

                  proxy_read_timeout  60m;

       

       

              }

       

       

              location /form {

       

       

                  proxy_set_header Host $http_host;

       

       

                  proxy_pass http://win-7ov072jufar:4248;

       

       

                  proxy_http_version 1.1;

       

       

                  proxy_set_header Upgrade $http_upgrade;

       

       

                  proxy_set_header Connection "upgrade";

       

       

                  proxy_read_timeout 60m;

       

       

          }

       

       

              location /windows_authentication {

       

       

                  proxy_set_header Host $http_host;

       

       

                  proxy_pass http://win-7ov072jufar:4248;

       

       

                  proxy_http_version 1.1;

       

       

                  proxy_set_header Upgrade $http_upgrade;

       

       

                  proxy_set_header Connection "upgrade";

       

       

                  proxy_read_timeout 60m;

       

       

          }

       

       

        }

       

       

        server {

        listen 127.0.0.1:44333;

        include ssl.conf;

       

       

        root home/localhost/public_html;

        index index.php index.html;

       

       

        log_not_found off;

              charset utf-8;

       

       

        #access_log  logs/access.log  main;

       

       

        location ~ /\. {deny all;}

       

       

        location / {

       

       

        if ($host ~ ^(www\.)?([a-z0-9\-\.]+)$){

        root home/$2/public_html;

        access_log  logs/$2-access.log  main;

        }

       

       

        }

       

       

              location ~ \.php$ {

       

       

        if ($host ~ ^(www\.)?([a-z0-9\-\.]+)$){

        root home/$2/public_html;

        access_log  logs/$2-access.log  main;

        }

       

       

        if (!-e $document_root$document_uri){return 404;}

        fastcgi_pass localhost:9000;

        fastcgi_index index.php;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

       

       

        include fastcgi_params;

       

       

              }

        }

       

       

       

       

        include tools-*.conf;

       

       

        include vhosts/*.conf;

       

       

      }

       

       

      G.