Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx-ntlm-module module support #32

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

nginx-ntlm-module module support #32

wants to merge 2 commits into from

Conversation

jens-maus
Copy link

@jens-maus jens-maus commented Aug 9, 2024
edited
Loading

This PR adds https://github.com/gabihodoroaga/nginx-ntlm-module to the openresty build to address the following long-standing issues by implementing basic support for NTLM based single-sign-on proxying using nginx proxy manager:

NginxProxyManager/nginx-proxy-manager#1117
NginxProxyManager/nginx-proxy-manager#1138
NginxProxyManager/nginx-proxy-manager#2037
NginxProxyManager/nginx-proxy-manager#3181
NginxProxyManager/nginx-proxy-manager#3797

In practice, the following steps are then required to get NTLM authentication successful running with NPM:

  1. add the following section to the /data/nginx/custom/root_top.conf file to load the module:
load_module /usr/lib/nginx/modules/ngx_http_upstream_ntlm_module.so;
  1. add the following to the /data/nginx/custom/http.conf file to define the NTLM aware upstream target:
upstream target {
  server 192.168.1.1:443;
  ntlm;
}
  1. add the following to the proxy configuration in the Advanced tab:
location /  {
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  proxy_pass https://target;
}

Then, the NTLM authentication should proceed and work nicely.

P.S.:
As a side note for users which cannot wait until a new nginx proxy manager version with this integrated NTLM module is out, one can also simply compile it using the docker-nginx-full repository and the local-build.sh script, then extract the ngx_http_upstream_ntlm_module.so file and put it into e.g. the /data/nginx/modules path and simply use the following load_module call in step 1 instead:

load_module /data/nginx/modules/ngx_http_upstream_ntlm_module.so;

@DragonSMART
Copy link

DragonSMART commented Sep 10, 2024
edited
Loading

compile in ubuntu 24.04
ngx_http_upstream_ntlm_module.zip

@jens-maus
Copy link
Author

@jc21 Any chance to get this PR integrated anytime soon so that the mentioned tickets/issues can be closed and NTLM authentication support directly integrated in NGINX proxy manager?

@Hinata-Kayuki
Copy link

UP I need this feature

@JYewman
Copy link

JYewman commented Nov 8, 2024

Completely agree with this PR, this feature is definitely needed!

@MeJIuFaRo
Copy link

MeJIuFaRo commented Nov 28, 2024
edited
Loading

@jens-maus
Thank you very much.!

@toralux
Copy link

toralux commented Dec 29, 2024

UP I need this feature

@toralux
Copy link

toralux commented Dec 29, 2024
edited
Loading

@jens-maus I tried to follow the description in the bottom if I cannot wait, however I get an error about invalid ELF header and Nginx Proxy Manager UI will not start.

From /var/log/nginx/error.log:

2024/12/29 16:31:06 [emerg] 395#395: dlopen() "/data/nginx/modules/ngx_http_upstream_ntlm_module.so" failed (/data/nginx/modules/ngx_http_upstream_ntlm_module.so: invalid ELF header) in /data/nginx/custom/root_top.conf:1

I copied ngx_http_upstream_ntlm_module.so from the docker-nginx-full container image to /data/nginx/modules in the nginx proxy manager container image and both containers show the same Linux version running uname -a but still invalid ELF header:

Linux 272e1058f7ec 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 GNU/Linux
Linux ddbf4866c671 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 GNU/Linux

I tried the binary from @DragonSMART and it is for sure ELF file, however I then get another error message from /var/log/nginx/error.log

2024/12/29 19:31:39 [emerg] 384#384: module "/data/nginx/modules/ngx_http_upstream_ntlm_module.so" version 1021004 instead of 1025003 in /data/nginx/custom/root_top.conf:1

Any insights how to extract the ngx_http_upstream_ntlm_module.so for immediate as it looks like no one is going to accept this merge request in a timely fashion...

Edit1: Switching from image: jc21/nginx-proxy-manager:latest to image: jc21/nginx-proxy-manager:2.10.4 was compatible with binary from @DragonSMART so moving forward with this, thanks

Edit2: Even if no errors when adding load_module /data/nginx/modules/ngx_http_upstream_ntlm_module.so; in file /data/nginx/custom/http.conf I get unknown directive "ntlm" error from /var/log/nginx/error.log

2024/12/29 22:22:00 [emerg] 398#398: unknown directive "ntlm" in /data/nginx/custom/http.conf:3

I'm listing loaded nginx modules, ntlm not mentioned:

# nginx -V 2>&1 | tr -- - '\n' | grep _module
http_addition_module
http_auth_request_module
http_dav_module
http_flv_module
http_gunzip_module
http_gzip_static_module
http_mp4_module
http_random_index_module
http_realip_module
http_secure_link_module
http_slice_module
http_ssl_module
http_stub_status_module
http_sub_module
http_v2_module
mail_ssl_module
stream_realip_module
stream_ssl_module
stream_ssl_preread_module

Any ideas?

@toralux toralux mentioned this pull request Dec 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jens-maus @DragonSMART @Hinata-Kayuki @JYewman @MeJIuFaRo @toralux