Adding custom HTTP headers to nginx X-Accel-Redirect

Question

I am serving restricted downloads in rails using X-Accel-Redirect with nginx. To validate my downloads in client app, i am trying to send the checksum in the non standard HTTP header Content-MD5 to the X-Accel-Redirect request. But this is not working.

below the rails snippet used to do the redirection

headers['X-Accel-Redirect'] = '/download_public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip'
            headers['X-Accel-Expires'] = 'max'
            checksum = Digest::MD5.file(Rails.root.dirname.to_s+'/public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip').hexdigest
            headers['Content-MD5'] = checksum
            request.session_options[:skip] = true
            render :nothing => true, :content_type => MIME::Types.type_for('.zip').first.content_type

This is the nginx section

location /download_public { 
 internal;
 proxy_pass_header Content-MD5;
 add_header Cache-Control "public, max-age=315360000";
 add_header Content-Disposition "inline"; 
 alias /var/www/sss/public; 
}

This is not working apparently. I am not able to get the Content-MD5 header in my responses. Is there any way to pass my Content-MD5 header from rails?

I know there are ways to do that entirely in nginx, like compiling nginx with perl or lua and easily calculate the MD5 on the fly. But i dont want to do that.

Any help is much appreciated.

@AlexeyTen, i got this error `nginx: [emerg] unknown "upstream_content_md5" variable` — RameshVel, Jul 01 '14 at 09:57
Oops, it's `$upstream_http_content_md5`. See http://nginx.org/r/$upstream_http_ — Alexey Ten, Jul 01 '14 at 11:29
@AlexeyTen, it works.. :) please add this as answer, i ll accept it — RameshVel, Jul 01 '14 at 11:34

score 20 · Accepted Answer · answered Jul 01 '14 at 11:37

20

Use add_header Content-MD5 $upstream_http_content_md5;

Since X-Accel-Redirect causes internal redirect nginx will not send returned headers, but it will keep them in $upstream_http_... variables. So you could use them.

answered Jul 01 '14 at 11:37

Alexey Ten

13,794
6
44
54

same problem but with the aws s3 redirect. Could you please have a look at the question here http://stackoverflow.com/questions/24971724/nginx-pass-upstream-headers-to-the-remote-request . any help is much appreciated – RameshVel Jul 26 '14 at 14:35
If I am doing proxy_pass inside "internal" location - then $upstream_.. variables becomes empty. How to fix that? – urmurmur Jan 05 '21 at 17:20
@urmurmur ask new question – Alexey Ten Jan 08 '21 at 14:50
`nginx will not send returned headers` - seems `Content-Type` is an exception, that header will be forwarded even without `add_header` – hanshenrik Feb 24 '21 at 16:47

score 5 · Answer 2 · answered Jun 07 '21 at 11:38

5

I've tried accepted answer and it doesn't work for me. But this works:

 set $authorization "$upstream_http_authorization";
 proxy_set_header Authorization $authorization; # Pass on secret from back end

(copy-pasted from this article https://clubhouse.io/developer-how-to/how-to-use-internal-redirects-in-nginx/)

It's interesting that it's important to extract variable. This does not work for me:

 proxy_set_header Authorization "$upstream_http_authorization";

answered Jun 07 '21 at 11:38

Oleg Vazhnev

23,239
54
171
305

This answer is underrated. I can confirm that without the variable it does not work. Thank you. – binwiederhier Sep 15 '21 at 17:09
Yes, interesting indeed that it behaves this way. I've read and re-read the nginx docs and I'm utterly unable to understand why it should do this. Anyone with answers, please speak up! :-D – Neilski Feb 20 '22 at 19:56
For me it only works with: `more_set_headers "Content-Security-Policy: $upstream_http_content_security_policy";` (I needed to set the CSP header for a file served via `X-Accel-Redirect`.) – panzi Nov 02 '22 at 23:24

Adding custom HTTP headers to nginx X-Accel-Redirect

2 Answers2

Linked

Related