Thanks Anru,
On 14/03/17 09:29, anru chen wrote:
> is that http basic auth header removed by your remote machine?
> need to check your remote machine's web server configuration.
>
> 3 places to check for errors,
> 1 > symfony error log,
> 2> your remote machine web server log.
> 3> php error log.
I'm not seeing any references in any logs... I have the nginx log (on
the host machine), a PHP log (the Docker container's stderr), but I
haven't found a useful Symfony log...
> or your remote machine has some special security enhancements.
I've been doing some reviews of the apparmor and ufw (Uncomplicated Fire
Wall) configurations on both my local machine (on which the Mautic Basic
Auth api calls work) and the dev server (on which the Basic Auth doesn't
work, returning the 401 error consistently) to see what might be different.
Amazingly, I haven't been able to find a difference yet. Both are using
equivalent nginx configurations (same version of nginx, too 1.10.0), and
both are using the *same* Docker image running PHP7.0 with the same
install process of Mautic... That implies that it's *not* the nginx
configuration (because it works on my local machine) nor is it the php
code or configuration, as they are identical... The only difference is
likely to be something subtle in either the network architecture or
perhaps minutiae of each machine's network configuration. Sigh. Tricky
for sure.
Cheers,
Dave
> <mailto:
da...@davelane.nz>> wrote:
>
>
> On 11/03/17 16:17, Jim Tittsler wrote:
> > On 03/10/2017 01:00 PM, Dave Lane wrote:
> >> I don't know much about Symfony or the HTTP_AUTHORIZATION header which
> >> gets sent and somehow processed by the http-foundation libary.
> >
> > Are you sure you are passing the header through the nginx proxy? (I
> > don't understand your item 4. description above, so maybe that is what
> > you are describing.) Does it work if you talk directly to the Docker
> > port bypassing the proxy? If so, you probably need to add something like:
> >
> > proxy_set_header Authorization $http_authorization;
> >
> > Or you can experiment by putting a static, base64 encoded "user:pass"
> > there to start with.
>
> Thanks for that suggestion, Jim - I've tried the base64 approach and
> sadly it doesn't work on the remote instance (same 401 Access denied).
>
> Oddly, I have managed to get valid api responses (so, successful auth,
> not 401) on my local instance, running with the same configuration of
> host-based nginx using fastcgi (no nginx reverse proxy) to talk to PHP
> on a Docker container (nginx in my case talks to the mapped port 9000 on
> localhost, which is the port PHP-FPM is listening on)...
>
> It works with normal curl auth queries in the form of `curl -i
> http(s)://user:pa...@mautic.local/api/contacts`.
>
> Similarly Mautic's cloud-hosted reference version responds for me with
> the same sort of queries (although I'm not sure how they configure it,
> suspect they use Apache in any case).
>
> Puzzling. Cheers,
>
> Dave
> --
> Dave Lane -
da...@davelane.nz <mailto:
da...@davelane.nz>;
>
https://davelane.nz;
+64 21 229 8147 <tel:%2B64%2021%20229%208147>
> <mailto:
nzp...@googlegroups.com>
> To unsubscribe, send email to
>
nzphpug+u...@googlegroups.com
> <mailto:
nzphpug%2Bunsu...@googlegroups.com>
> ---
> You received this message because you are subscribed to the Google
> Groups "NZ PHP Users Group" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to
nzphpug+u...@googlegroups.com
> <mailto:
nzphpug%2Bunsu...@googlegroups.com>.
> <
https://groups.google.com/d/optout>.
>
nzphpug+u...@googlegroups.com
> ---
> You received this message because you are subscribed to the Google
> Groups "NZ PHP Users Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
nzphpug+u...@googlegroups.com
> <mailto:
nzphpug+u...@googlegroups.com>.