nginx reverse proxy with Windows authentication that uses NTLM

Question

Anyone knows if is possible to do reverse proxy with Windows authentication that uses NTLM? I cant find any example on this. What should be the values of more_set_headers fi

Answer 1

As far as I know, this is currently not possible with nginx. I investigated this in depth myself just a little while ago. The basic problem is that NTLM authentication will require the same socket be used on the subsequent request, but the proxy doesn't do that. Until the nginx development team provides some kind of support for this behavior, the way I handled this was by resorting to authenticate in the reverse proxy itself. I am currently doing this using apache 2.2, mod_proxy, mod_auth_sspi (not perfect, but works). Good luck! Sorry nginx, I love you, but we could really use some help for this common use case.