Required Help on satisfy any setup

Server NGINX
1

I am using 2 layer NGINX. Fist layer NGINX works as a load balancer and
forwards all HTTP traffic another NGINX based on HTTP or HTTPS.

When i setup below conditions its not working.

location / {
satisfy any;
allow xx.xx.xx.xx/32;
allow yy.yy.yy.yy/32;
auth_basic “Restricted”
auth_basic_user_file /etc/nginx/password;
}

When I try accessing my / from IP xx.xx.xx.xx its throwing me the 401
error,
This log is not logging on my 2nd layer NGINX, only LB NGINX logging
this
information.

If i change allow to any instead of specific IP things works fine.
without
401 error. Some one can suggest me why the alloe not working for the
specific IP?

I tried both allow method,

allow xx.xx.xx.xx and allow xx.xx.xx.xx/32;

Any help would be appreciated.

thanks,

Posted at Nginx Forum:

2

I do use following proxy set options.

ocation / {
proxy_pass http://backend;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header Host $host;
}

In my upstream the backend the my protected second NGINX server.

Posted at Nginx Forum:

3

On Tue, Feb 24, 2015 at 10:13:26AM -0500, mathi wrote:

Hi there,

I am using 2 layer NGINX. Fist layer NGINX works as a load balancer and
forwards all HTTP traffic another NGINX based on HTTP or HTTPS.

When i setup below conditions its not working.

location / {
satisfy any;
allow xx.xx.xx.xx/32;
allow yy.yy.yy.yy/32;
auth_basic “Restricted”

Missing semicolon on the previous line.

auth_basic_user_file /etc/nginx/password;
}

This can work on the first nginx, because it knows the real client
address.

If you want it to work on the second nginx, you probably need to use
Module ngx_http_realip_module - but I have
not tested that myself.

f

Francis D. [email protected]