I want to do authorization with OAuth2-Proxy on my linux server with NGINX installed. I also run streamlit applications on the server and run them in subdirectories with reverse proxy (you can see my NGINX configuration files). I want to restrict access to my streamlit applications with OAuth2-proxy. For this reason, I would like to install OAuth2-Proxy and when accessing the directory where the streamlit applications are located with auth_request from NGINX settings, I want it to automatically check for access permission, if there is access permission, access the application, if not, redirect to the login screen. The OAuth2-Proxy connection directs the user directly to Azure AD. There is no login screen. OAuth2-Proxy works fine, it redirects me directly to the login screen when I enter the connection I set as reverse proxy, but when I add the directory where Oauth2-proxy works as auth_request in the reverse proxy settings, I get 404 Not Found error when I visit the streamlit application connections.
My auth.conf file for OAuth2-Proxy:
location /auth {
proxy_pass http://127.0.0.1:4180;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
My streamlit app reverse proxy conf:
location /testapp {
auth_request /auth;
auth_request_set $user $upstream_http_x_user;
proxy_set_header X-User $user;
proxy_pass http://[***HIDDEN***]:8503/testapp;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
I checked my nginx installation for auth_request module and here is output.
(root@can /etc/nginx/default.d)$ nginx -V 2>&1 | grep -o with-http_auth_request_module with-http_auth_request_module
Here is nginx access.log output:
2023/07/27 07:58:36 [error] 23877#23877: *119258 auth request unexpected status: 302 while sending to client, client: [***HIDDEN***], server: [***HIDDEN***], request: "GET /testapp HTTP/2.0", host: "[***HIDDEN***]"
I tried to change proxy headers but it didn't work.