Apache basic authentication issue with reverse proxy

问题

I want to add basic authentication for a reverse proxy site of Apache running on Ubuntu server 12.04.1.

The web application is Jenkins that is running on a Java EE container.

I added below configurations in httpd.conf,

ProxyPass         /jenkins/  http://localhost:8080/jenkins/¬
ProxyPassReverse  /jenkins/  http://localhost:8080/jenkins/¬
ProxyRequests     Off¬
ProxyPreserveHost On¬ 
¬
<Proxy http://localhost:8080/jenkins*>¬
  Order deny,allow¬
  Deny from all¬
▸ AllowOverride AuthConfig¬
▸ AuthType Basic¬
  AuthName "jenkins"¬
▸ AuthBasicProvider file¬
  AuthUserFile /etc/apache2/passfile¬
▸ Require valid-user¬
▸ Satisfy any¬
</Proxy>

When I used wrong password or non-exist username for authentication, I can find below messages in error.log of apache,

[Sat Oct 27 17:51:59 2012] [error] [client 222.128.175.95] user kane: authentication failure for "/jenkins/": Password Mismatch [Sat Oct 27 17:52:04 2012] [error] [client 222.128.175.95] user Aladdin not found: /jenkins/

There is no message will be logged when using right user and password in passfile. Though I input right user and password in web browser, the authentication dialog will prompt again. I also found below output in access.log of apache,

222.128.175.95 - kane [27/Oct/2012:17:39:54 +0800] "GET /jenkins/ HTTP/1.1" 401 794 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4"

Does anybody know how to make it work? Thanks.

回答1:

Do you have authentication enabled on Jenkins as well? See this link: https://wiki.jenkins-ci.org/display/JENKINS/Apache+frontend+for+security for instructions on setting this up.

Particularly note the line which says that you cannot have security enabled in Jenkins and Apache simultaneously as the two will conflict, causing the infinite prompt you are seeing. Unfortunately you have to choose one or the other.

Also see this link for a more general discussion of Apache + Jenkins setup: https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache

回答2:

Try this config

ProxyPass         /jenkins/  http://localhost:8080/jenkins/
ProxyPassReverse  /jenkins/  http://localhost:8080/jenkins/
ProxyRequests     Off
ProxyPreserveHost On

<Proxy http://localhost:8080/jenkins*>
    AllowOverride None
    Order allow,deny
    allow from all
    AuthName            "jenkins"
    AuthBasicProvider   file
    AuthType            basic
    AuthUserFile        /etc/apache2/passfile
    <Limit GET POST>
        require valid-user      
    </Limit>
    Satisfy all
</Proxy>

来源：https://stackoverflow.com/questions/13099069/apache-basic-authentication-issue-with-reverse-proxy

标签

apache

authentication

Ubuntu

Jenkins

reverse-proxy