httpd asking for AUTH _twice_ when behind Varnish proxy ? works as expected without Varnish ...

PGNet Dev pgnet.dev+varnish at gmail.com
Mon Sep 21 04:57:17 CEST 2009 

hi,

i've just done a 1st migration from

	apache2+mod_ssl

to

	pound + varnish + apache2

using,

	pound -V
		Version 2.4.5
	varnishd -V
		varnishd (varnish-2.0.4)
	httpd2 -V
		Server version: Apache/2.2.13 (Linux/SUSE)

in my original apache/ssl config, i've httpd DIGEST Auth set up (atm)
on the web root.  it works as expected.

now that i've switched to the pound/varnish/apache2 setup, Auth still
works -- but makes the request twice!

if i visit

	https://www.mysite.com

i get an initial request for AUTH at my defined realm :443, then after
entering credentials there, the page paints -- and i get a second http
AUTH dialog for the _same_ realm, but at :8081.  switch back to a
direct connect, and just the one AUTH dialog ...

my relevant configs are below ...

any ideas as to what's causing the double-AUTH request, and how to fix
it would be much appreciated!

thanks!


/etc/pound.cfg
	ListenHTTP
		Address xx.xx.xx.xx
		Port    80
		Service
			Redirect "https://www.mysite.com"
		End
	End
	ListenHTTPS
		Address xx.xx.xx.xx
		Port    443
		Cert    "/crypt/ssl/ssl.crt/combined.pem"
		Ciphers "AES256-SHA:AES128-SHA"
		NoHTTPS11 2
		Service
			BackEnd
				Address 127.0.0.1
				Port    8080
			End
		End
	End

/etc/sysconfig/varnish
	VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -a 127.0.0.1:8080 -T
127.0.0.1:6082 -s file,/var/cache/varnish/varnish.bin,100M -n test"

/etc/varnish/vcl.conf
	# cp of /etc/varnish/default.vcl, except:
	backend default {
	        .host = "xx.xx.xx.xx";
	        .port = "8081";
	}

/etc/apache2/vhosts.d/www.mysite.com
	...
	<VirtualHost xx.xx.xx.xx:8081>
		...
		DocumentRoot /svr/www/mysite
		...
		<Directory /svr/www/mysite>
			Options +ExecCGI +FollowSymLinks +Indexes
			DirectoryIndex index.html index.php
			
			AuthType           Digest
			AuthName           "AUTH mysite"
			AuthDigestProvider file
			AuthUserFile       /crypt/wwwauth/.passwords.md5
			AuthDigestDomain   /
			require valid-user
			AddHandler fcgid-script .php
			FCGIWrapper "/usr/bin/php-cgi5 -d apc.shm_size=25 -c /etc/php5/fastcgi/" .php
			...

More information about the varnish-misc mailing list