nipun59
By:
nipun59

Why am I getting Proxy returns “HTTP/1.1 407 authenticationrequired”?

July 7, 2017 1.5k views
Nginx Configuration Management Ubuntu 16.04

I am using nginx, gunicorn, django for backend. I have created apis in django, and these apis works fine for me from postman and even from my python code. But when I try to access the api from proxy server it gives me 'Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired."'

Here are my nginx settings :

server {
    listen 80;
    server_name mywebsite.in;
    return 301 https://$host$request_uri;
}

server {
    listen 80;
    server_name www.mywebsite.in;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl ;
    server_name mywebsite.in ;
    ssl_certificate /root/mywebsite.in.crt;
    ssl_certificate_key /root/mywebsite.in.key;

    #FOR SERVING HTML PAGES
    root /root/front/mywebsite ;
    index index.html index.php;

    location /py/ {

        include proxy_params;
        proxy_set_header X-Forwarded-Protocol https ;
        proxy_ssl_session_reuse off;
        # proxy_ssl_certificate /root/mywebsite.in.crt;
        # proxy_ssl_certificate_key /root/mywebsite.in.key;
        # proxy_ssl_client_certificate /root/intermediate.crt;
        # proxy_ssl_verify off;

        proxy_pass http://localhost:8000/ ;
    }

    location /blog/ {
    proxy_pass https://mywebsitein.blogspot.in/;
    }

    location /upload {
    #  auth_basic                 "Restricted Upload";
    #  auth_basic_user_file       basic.htpasswd;
    limit_except POST          { deny all; }

    client_body_temp_path      /tmp/$request_body_file;
    client_body_in_file_only   on;
    client_body_buffer_size    128K;
    client_max_body_size       1000M;

    proxy_pass_request_headers on;
    proxy_set_header           X-FILE $request_body_file;
    proxy_set_body             off;
    proxy_redirect             off;
    proxy_pass                 http://localhost:8000/file;
    }
}

Here is my nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    proxy_read_timeout 1200;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    expires 1h;
    add_header Cache-Control no-cache;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript;
}

My API Is of the form https://www.mywebsite.in/py/api/main

Link for the question asked on stackoverflow.

4 Answers

Hi @nipun59

Make sure there's no spaces between the last character and the semi-colon.
And can you share the /etc/nginx/proxy_params ?

@hansen here is /etc/nginx/proxy_params

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;


  • @nipun59
    Can you run this command to test how it works in cURL:

    curl 'http://httpbin.org/redirect-to?url=https://www.mywebsite.in/' -s -L -x localhost:8000 -v -o /dev/null
    
    • I should run this on my droplet's ubuntu instance?

      • Yes, since we're trying to connect via localhost:8000

        • First I tried to my API URL
          curl 'http://httpbin.org/redirect-to?url=https://www.mywebsite.in/py/api' -s -L -x localhost:8000 -v -o /dev/null

          Response was

          * Hostname was NOT found in DNS cache
          *   Trying 127.0.0.1...
          * Connected to localhost (127.0.0.1) port 8000 (#0)
          > GET http://httpbin.org/redirect-to?url=https://www.mywebsite.in/py/api HTTP/1.1
          > User-Agent: curl/7.35.0
          > Host: httpbin.org
          > Accept: */*
          > Proxy-Connection: Keep-Alive
          >
          * HTTP 1.0, assume close after body
          < HTTP/1.0 400 BAD REQUEST
          < Date: Fri, 07 Jul 2017 11:05:11 GMT
          < Server: WSGIServer/0.1 Python/2.7.6
          < X-Frame-Options: SAMEORIGIN
          < Content-Type: text/html
          <
          { [data not shown]
          * Closing connection 0
          

          Then I tried for the main URL :
          curl 'http://httpbin.org/redirect-to?url=https://www.mywebsite.in/' -s -L -x localhost:8000 -v -o /dev/null

          Response was :

          * Hostname was NOT found in DNS cache
          *   Trying 127.0.0.1...
          * Connected to localhost (127.0.0.1) port 8000 (#0)
          > GET http://httpbin.org/redirect-to?url=https://www.mywebsite.in/ HTTP/1.1
          > User-Agent: curl/7.35.0
          > Host: httpbin.org
          > Accept: */*
          > Proxy-Connection: Keep-Alive
          >
          * HTTP 1.0, assume close after body
          < HTTP/1.0 400 BAD REQUEST
          < Date: Fri, 07 Jul 2017 11:06:00 GMT
          < Server: WSGIServer/0.1 Python/2.7.6
          < X-Frame-Options: SAMEORIGIN
          < Content-Type: text/html
          <
          { [data not shown]
          * Closing connection 0
          

@nipun59
What are you getting, when you run this?

curl 'http://localhost:8000/py/api/main' -s -L -v -o /dev/null

On Trying : curl 'http://localhost:8000/py/api/main' -s -L -v -o /dev/null
Response is :

* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET /py/merchant/upi/callBackP2MRes?meRes="nipun" HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8000
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 404 NOT FOUND
< Date: Mon, 10 Jul 2017 12:56:22 GMT
< Server: WSGIServer/0.1 Python/2.7.6
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html
<
{ [data not shown]
* Closing connection 0

The above one must give 404 because nginx server handles all the '/py/' type of requests and pass the rest on to the gunicorn server, so therefore I tried the below one.

On Trying : curl 'http://localhost:8000/api/main/' -s -L -v -o /dev/null

* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET /api/main/ HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8000
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 10 Jul 2017 12:56:50 GMT
< Server: WSGIServer/0.1 Python/2.7.6
< Vary: Accept, Cookie
< X-Frame-Options: SAMEORIGIN
< Content-Type: application/json
< Allow: GET, POST, HEAD, OPTIONS
<
{ [data not shown]
* Closing connection 0
Have another answer? Share your knowledge.