Question

I'd like to expose some of Cloudant's CouchDB features through NGINX running on my domain by using proxy_pass. So far I have worked out a few kinks (noted below), but I am stuck as far as authorization. Does anyone have any tips?

location /couchdb {
    rewrite /couchdb/(.*) /$1 break;   #chop off start of this url

    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Host myusername.cloudant.com;   
    # cannot use $host! must specify my vhost on cloudant

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Authorization "Basic base64-encode(username:password)";

    proxy_pass http://myusername.cloudant.com$request_uri;
    # must use a variable in this url so that the domain is looked up late. 
    # otherwise nginx will fail to start about half the time because of resolver issues
    # (unknown why though)
}

Using this setup, I can successfully proxy to Cloudant, but I always receive a forbidden response. For instance, this request:

http://mydomain/couchdb/my-cloudant-db

returns

{"error":"forbidden", "reason":"_reader access is required for this request"}

Thanks for any help.

Solution

I found the issue. The innocuous-looking rewrite rule on the first line rewrites the $request_uri and changes the $uri variable as part of request fulfillment. $request_uri is not changed by rewrite. So when I included that variable in the proxy_pass location, I was not properly including the edited URL with the /couchdb/ removed.

Changing the proxy_pass line to:

proxy_pass http://myusername.cloudant.com$uri;

Now works without issue. This was not an SSL problem, nor a problem with Basic Authentication, nor another HTTP header issue, nor a problem with Cloudant. This was all related to the URI I was forwarding my request to.

OTHER TIPS

I had a problem with an error 'no resolver defined to resolve'. I managed to solve it by actually adding a resolver, e.g.: resolver 8.8.8.8;

Ref: http://www.nginx-discovery.com/2011/05/day-51-proxypass-and-resolver.html
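The accepted fix and the resolver tip combined into one location block, as an added example that is not part of the original posts. It goes slightly beyond them by re-appending the query string and by using TLS to the upstream; the CA bundle path and the verify depth are assumptions, and the hostname and Authorization placeholder are the question's own.

```nginx
location /couchdb/ {
    # proxy_pass below contains variables, so nginx resolves the upstream
    # name at request time and needs a resolver (address from the tip above).
    resolver 8.8.8.8;

    # Strip the /couchdb prefix. This changes $uri only;
    # $request_uri keeps the original, unrewritten request line.
    rewrite ^/couchdb/(.*)$ /$1 break;

    proxy_redirect off;
    proxy_buffering off;

    # Cloudant routes on the Host header, so $host cannot be used here.
    proxy_set_header Host myusername.cloudant.com;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Placeholder exactly as in the question: substitute the base64 value.
    proxy_set_header Authorization "Basic base64-encode(username:password)";

    # Before (from the question): forwards /couchdb/my-cloudant-db unchanged,
    # so Cloudant is asked for a database named "couchdb".
    # proxy_pass http://myusername.cloudant.com$request_uri;

    # After: $uri is the rewritten path. $uri carries no query string, so
    # $is_args$args re-appends it (otherwise ?key=... parameters are dropped).
    # https keeps the injected Basic credentials off the wire in cleartext.
    proxy_pass https://myusername.cloudant.com$uri$is_args$args;

    # Send SNI and verify the upstream certificate.
    proxy_ssl_server_name on;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;                                         # assumed chain depth
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path
}
```

Note that `$uri` is the decoded, normalized path, so percent-encoded characters in the original request are not forwarded exactly as sent. Since the proxy attaches the account's credentials to every request, access to this location should be restricted on the nginx side.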

Licensed under: CC-BY-SA with attribution