nginx-jwt how used without proxy pass after lua script

[dipenpatel235]

Hello..
i want to used below block in nginx conf and after authentication i don't want to proxy pass
instead of i want to add extention and then access that file. but using that change i can able to access without authentication

    location /users/name {
        access_by_lua '
        local jwt = require("nginx-jwt")
        jwt.auth()
        ';
    rewrite ^(.*)$ $1.php last;
    try_files $uri $uri/ /index.php;
    }

So please help me to fix that issue...

Thanks

[smashedtoatoms]

Hrm, it looks like nginx-jwt sets the ngx.HTTP_UNAUTHORIZED flag, so I'm not actually sure why that rewrite happens regardless. I'm not a master of the inner workings of nginx. You might want to hit up nginx support and see if they can tell you what is happening. My suspicion is that since you're rewriting the url, it's somehow rewriting the url around your location definition that is behind your authentication, but that is just a guess.

[smashedtoatoms]

Can you try doing your rewrite something like this?

location /users/name {
  access_by_lua '
    local jwt = require("nginx-jwt")
    jwt.auth()
  ';
  rewrite ^/users/name/(.*)$  /users/name/$1.php  last;
  try_files $uri $uri/ /index.php;
}

I think what it is doing is rewriting your url to something you don't have behind authentication. I still don't totally understand why the ngx.HTTP_UNAUTHORIZED flag gets ignored, but I suspect it's processed at a different time than the redirect is. Again, my nginx foo isn't strong, so take what I say with a grain of salt.

[dipenpatel235]

Can you try doing your rewrite something like this?

• yes i have try that and same thing...it is ignoring to check jwt authentication.

• i have also try without rewrite rule api url like https://www.myhost.com/users/name.php but same thing.

location /users/name {
access_by_lua '
local jwt = require("nginx-jwt")
jwt.auth()
';
try_files $uri $uri/ /index.php;
}

FYI:
https://www.myhost.com/users/name
On that URL i am post json data and jwt authentication header.

location /users/name {
access_by_lua '
local jwt = require("nginx-jwt")
jwt.auth()
';
rewrite ^/users/name/(.*)$ /users/name/$1.php last;
try_files $uri $uri/ /index.php;
}

[smashedtoatoms]

Okay, there are different phases to nginx routing/response generation, and I suspect that the rewrite is before or in the same phase as the lua code instead of after it. You'll probably have to check out the nginx docs/support to see if you can sort it out. I basically only use nginx as a proxy pass, so I've never had to try to do the rewrite like that.

[smashedtoatoms]

Someone else on here might know better. I'm sorry I don't know this. I'll keep messing with it and see if I can sort it out.

[dipenpatel235]

ok..thanks finally i have did using below trick

location /users/name {
access_by_lua '
local jwt = require("nginx-jwt")
jwt.auth()
';
proxy_pass 127.0.0.1:8888;
}

then in 8888 port server i have rewrite as per below block and it is worked.

location /users/name {
rewrite ^(.*)$ $1.php last;
try_files $uri $uri/ /index.php;
}

Thanks