I found the following workaround for this sub-location authentication
issue - I set up additional Apache listener on port 80 in reverse
proxy mode before my Passenger enabled Apache on different port. Of
course it results in some additional overhead as all requests are
going through two Apache listeners but probably this overhead is not
relevant compared to Rails request processing total time.
Does anybody have any better suggestion?
The resulting virtual hosts configuration file looks like this:
----------
RailsAutoDetect off
<VirtualHost *:80>
DocumentRoot ".../myapplication/public"
RewriteEngine On
# Don't do forward proxying
ProxyRequests Off
# Enable reverse proxying
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# NTLM authentication
<Location /winlogin>
AuthName "My Application"
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain
domain.com
NTLMServer
dc01.domain.com
NTLMBackup
dc02.domain.com
require valid-user
</Location>
# Pass domain user in header
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add X-Forwarded-User %{RU}e
# Redirect all non-static requests to haproxy
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
# the P option to the last rule replaces the ProxyPass and
ProxyPassReverse directives.
RewriteRule ^/(.*)$ http://127.0.0.1:8100%{REQUEST_URI} [L,P,QSA]
</VirtualHost>
Listen
127.0.0.1:8100
<VirtualHost
127.0.0.1:8100>
DocumentRoot ".../myapplication/public"
RailsBaseURI /
RailsEnv production
</VirtualHost>
----------
Kind regards,
Raimonds
On Dec 5, 8:07 pm, Raimonds Simanovskis
<
raimonds.simanovs...@gmail.com> wrote:
> I am using Apache with patched mod_ntlm (seehttp://
blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication...)