ttyd icon indicating copy to clipboard operation
ttyd copied to clipboard

Reconnect When Using an Auth Proxy With a Login Page

Open r10r opened this issue 2 years ago • 1 comments

Hi @tsl0922,

I want to use the Auth Proxy feature with nginx as a reverse proxy and the auth request module. The auth server returns 401 when the auth token cookie is expired. Nginx intercepts the 401 errors and redirects the client the login page.

When I hit CTRL-R to reload the page I'm redirected to the login page as expected. But the overlay Press Enter to Reconnect does not work.

How can the Press Enter to Reconnect handle this setup ? (page reload ?)

Btw. the /token handler always returns an empty token - is this not implemented yet?

# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#directives
upstream auth_server {
        server $AUTH_SERVER;
}

upstream backend {
        server http://ttyd:7681;
}

server {
        listen 8080 default_server;
        listen [::]:8080 default_server;

        error_page 401 403 = @unauthorized;

        location / {
                proxy_pass http://backend;

                # See http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
                auth_request /auth;
                auth_request_set $webauth_user $upstream_http_x_webauth_user;

                # enable websocket support for proxy
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-WEBAUTH-USER $webauth_user;
                # See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
                proxy_intercept_errors on;
        }

        location @unauthorized {
                # requires the module nginx-mod-http-set-misc
                # See https://github.com/openresty/set-misc-nginx-module#set_escape_uri
                set_escape_uri $redirect_uri $request_uri;
                # The $http_host variable always contains the value of the HTTP *host* header.
                # The $http_host variable must be used because the port exposed by the container
                # may be different from the port where nginx actually listens on.
                # See also (https://nginx.org/en/docs/http/ngx_http_core_module.html#var_host)
                return 302 $scheme://$http_host/login?redirect_uri=$redirect_uri;
        }

    location = /auth {
                internal;
                proxy_pass http://auth_server;
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                proxy_set_header X-Original-URI $request_uri;
    }

    location ~ ^/(login|logout) {
                proxy_pass http://auth_server;
                proxy_intercept_errors on;
    }
}

r10r avatar Apr 05 '22 08:04 r10r