How do I get Nginx to pass authentication on to SharePoint as a reverse proxy?

English Network/Internet
1

ISP---->Opensuse13.2------>Win2012R2+SharePoint2010
(note - this is not the same as nginx providing the auth using a password file - it should just be marshelling everythnig between the browser/server)
I have a big problem about ntlm authentication with sharepoint applications and nginx reverse proxy.

Opensuse with nginx:


kiev:~/bin/0 # uname -aLinux kiev 3.11.10-25-default #1 SMP Wed Dec 17 17:57:03 UTC 2014 (8210f77) i686 i686 i386 GNU/Linux

kiev:~/bin/0 # rpm -qa | grep -i nginx
nginx-1.4.7-3.9.1.i586

kiev:~/bin/0 # cat /etc/nginx/vhosts.d/eosdemoamiua.conf


server {
    listen        94.45.50.86:80;
        server_name    eosdemo.ami.ua;
location / {
            proxy_pass http://backend00;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_pass_request_headers on;
            }


        access_log    /var/log/nginx/eosdemoamiua.access combined;
    error_log    /var/log/nginx/eosdemoamiua.error;
}

Problem - getting repeatedly prompted for auth ;(

Please, Help me.

2

This is not possible with nginx currently due to the way NTLM authentication works.

You can accomplish this with Apache and a few modules.

3

Thank you/

Where i can read example ?

Serg

4

Although I’m currently very unenlightened about how to configure nginx,
I can try to apply some things I know about web servers and auth in general…

If NTLMv2 doesn’t work (and a simple Googling suggests this is so), you still have 2 other potential auth protocols… HTTP Basic and NTLM digest. I didn’t look deeply at the second, but it appears that the first may be possible.

Here is a post that describes pretty closely what you’re trying to do (nginx reverse proxy in front of a SharePoint). Note that the result is unclear… It “mostly” works but may still have some unresolved issues (hence, the final comment suggesting a different solution).
http://stackoverflow.com/questions/14839712/nginx-reverse-proxy-passthrough-basic-authenication

The following describes setting up an nginx reverse proxy in front of an Apache web server, but IMO should work in front of an IIS as well. But, may still be subject to some Sharepoint specific issues which plagued the above solution
https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10

As I noted, maybe Basic Auth still isn’t the best solution. I didn’t investigate NTLM digest, might be worth considering.

HTH,
TSU

5

Thank your !
Serg