ntlm

Syntax:	`ntlm;`
Default:	—
Context:	`upstream`

This directive appeared in version 1.9.2.

Allows proxying requests with NTLM Authentication. The upstream connection is bound to the client connection once the client sends a request with the “Authorization” header field value starting with “Negotiate” or “NTLM”. Further client requests will be proxied through the same upstream connection, keeping the authentication context.

In order for NTLM authentication to work, it is necessary to enable keepalive connections to upstream servers. The proxy_http_version directive should be set to “1.1” and the “Connection” header field should be cleared:

upstream http_backend {
    server 127.0.0.1:8080;

    ntlm;
}

server {
    ...

    location /http/ {
        proxy_pass http://http_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        ...
    }
}

When using load balancer methods other than the default round-robin method, it is necessary to activate them before the ntlm directive.

This directive is available as part of our commercial subscription.

Links:

https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm

doc_nginx

2017-02-09 07:07:56

Comments