Using Nginx to front "Windows Remote Management" web services

Question

I want NGINX to front requests that will backend proxy WinRM / WSMAN requests. Nginx should listen on port 80 and backend proxy to port 5985.

nginx config:

server {
    listen          80;
    server_name     wsman.example.com;
    index           index.html default.aspx;

    location / {
            proxy_pass              http://192.168.5.8:5985;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size    10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout   90;
            proxy_send_timeout      90;
            proxy_read_timeout      90;
            proxy_buffers           32 4k;
    }
}

I'm testing this through powershell remoting. If I hit the server directly it works, but when I try to go through the proxy it fails. Looking through network capture, it seems to do ok with the authorization request, but then powershell reports an "Access Denied". Am I missing something special in the Nginx config, or does it simply not work due to Microsoft's implementation (i.e. how nginx can't front end NTLM auth requests due to Microsoft's implementation)

Any help here? http://msdn.microsoft.com/en-us/library/ee309366(v=vs.85).aspx — mjolinor, Nov 19 '13 at 19:11
@mjolinor Yes: "The proxy server does not support connection-based authentication, which can cause the authentication against the destination server to fail with an access denied error.". I believe it's the same reason why SharePoint is problematic to reverse-proxy, because the connection is closed and not kept alive — The Unique Paul Smith, Nov 19 '13 at 19:16

Using Nginx to front "Windows Remote Management" web services

0 Answers0