Use windows NTLM authentication of identity nginx reverse proxy

A project using open source nginx reverse proxy windows NTLM identity verification repeated login box appears, in the final analysis belong keepalive change occurs in the NTLM authentication process leads.

 

Accordingly, the following configuration changes nginx.conf

 

worker_processes  auto;
worker_rlimit_nofile 65535;

events {
    worker_connections  65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';	

    access_log  logs/access.log  main;

    sendfile           on;
    keepalive_timeout  65;

# upstram 负载定义中需添加keepalive
    upstream adrms_service {
       ip_hash;
       server 192.168.1.1:443;
       server 192.168.1.2:443;
       keepalive 32;
    }

# 443 mandatory 80-port switch

    server {
                listen 80;
                server_name adrms.example.com;
                rewrite ^(.*) https://$server_name$request_uri? permanent;
    }

    server {
                listen 443 ssl;
                server_name adrms.example.com;
                ssl_certificate　　　cert/adrms.example.com.pem;
                ssl_certificate_key cert/adrms.example.com.key;

                ssl_session_cache shared:SSL:10m;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!NULL:!MD5:!RC4:!DHE:!AESGCM:!DH:!EDH;
                ssl_prefer_server_ciphers on;

       		charset UTF-8;

#location 需添加proxy_http_version 1.1 和 proxy_set_header Commection "";
                location / {
              	    proxy_buffer_size 64k;
             	    proxy_buffers 32 32k;
               	    proxy_busy_buffers_size 128k;

                    proxy_set_header   Host				$host;
                    proxy_set_header   X-Real-IP		$remote_addr;
                    proxy_set_header   X-Forwarded-For	$proxy_add_x_forwarded_for;
　　　　　　　　　　　　proxy_http_version 1.1;
　　　　　　　　　　　　proxy_set_header Connection "";

                    if ( $request_uri = "/" ) {
                        rewrite ^ $scheme://$host/_wmcs/licensing/license.asmx break;
                    }

                    proxy_pass https://adrms_service;

                }

    }
}

 

The use nginx plus version, can be added directly in the special statement NTLM upstream region;

    upstream adrms_service {
       ip_hash;
       server 192.168.1.1:443;
       server 192.168.1.2:443;
       ntlm;
    }

　　

As above, you can achieve nginx proxy ntlm verification without lua code or use a commercial version of nginx plus.