interesting fact from yesterday evening. Apache in front of Rails on Mongrel, does not deliver the REMOTE_USER Header from basic auth.
1
@phaus REMOTE_USER stays in the Apache process AFAIK. Some mod_rewrite magic will surely help?
2
@stilkov actually not. Java was a netty server. Running as its own process on its own port. And there it works just fine. PHP was PHP-FPM.
1
@phaus And the connection to Netty from Apache was pure HTTP? Surely not, but rather mod_jk?
1
@stilkov yes. definitely no mod_jk. I hate apps, depending on Apaches/Frontend remote_user header instead of doing their own basic-auth.
2
@phaus And for the record, I disagree :-) I don't see why apps should be doing their own basic auth
1
@stilkov for example to achieve a clear logout? To do an auth against LDAP (Apache module is buggy). To offer different Auth Methodes?
1
@phaus All of these are infrastructure issues, not application issues - not at all related to business functionality
2
@stilkov Love this approach: Frontend Servers just for routing. 12factor.net/port-binding
1
Replying to @phaus
@phaus I don't see doing auth in a frontend web server as not compliant to this rule, BTW. On the contrary, in fact.

Sep 27, 2012 路 6:13 PM UTC

2
Replying to @stilkov
@stilkov they state that Apps arr Self-contained. So there is no Container in tomcat/Apache. So no Apache user Header.
1
@phaus an app that expects an HTTP header *is* self-contained. In fact it's much simpler if it just relies on the username
Replying to @stilkov
@stilkov doing Basic auth with an Apache is ok. I just don't want to setup an Apache for Development, course the App won't work without.
1
@phaus We should probably do this f2f or via email :-)
1
more replies