[nginx-stable+yubi] NGINX worker process exiting on signal 11 (core dumped) when using yubikey and proxy_pass in a location config
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Tracker for teward's PPAs |
Won't Fix
|
Undecided
|
Unassigned | ||
Nginx-stable+yubikey |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Filed by Paul Radulovic.
------
Here is my setup:
Running a web server on a localhost on port 8080.
Using NGINX as a proxy from 443 to this server on port 8080.
This works fine, but I wanted to include two factor authorization using YubiKeys. I found this great version of NGINX with yubikey support (stable) here: https:/
I've run into 3 issues:
1) I put it in the location directive for "/" but it seems to only enforce/prompt for the yubikey on the the '/' location, and not on any sub locations (ex: '/sign-in"). The yubikey does not prompt at all if they are moved to the server directive secion (above the location)
2) The yubikey authentication works just fine when you're just serving up some default files in the nginx directory, but as soon as I have it proxy_pass to my other server, I get a worker process core dump:
"2015/03/01 06:22:17 [alert] 13510#0: worker process 13523 exited on signal 11 (core dumped)"
It's as if it can't handle passing off to the proxy after validation (whereas with the html files it was serving it had no issues)
3) Not really important in this case, as I just disabled it, but the yubikey module crashes if you enable the SPDY module too
I have debugging enabled, and would be happy to post it if people want to see it. Also, I'm not sure how to send this question/bug to Thomas, since this is the first time I've posted to Launchpad, so any help with notifying him would be appreciated. Attached is the config I'm using.
Changed in teward-ppas: | |
status: | Triaged → Invalid |
status: | Invalid → Won't Fix |
The yubikey PPA is old and actually there is a security hole in the plugin that makes me wish to burn that PPA to dust. (see https:/ /github. com/sanderv32/ ngx_http_ auth_yubikey_ module/ issues/ 6 for the "Auth Bypass" issue) There is no fix for that issue yet.
However, a crash and a core dump usually means bad things are happening. Since the Yubikey Auth module is NOT mine (I just packaged it in for my testing/use initially), fixes have to originate upstream from here with the people who provide it. I would have to upstream this to them and have them take a look. I should probably rebuild the PPA with the latest nginx stable though.
However, the yubikey module isn't mine so you would have to send these issues upstream. However I advise against the use of my NGINX+Yubikey PPA for the time being as it is out of date and has a bug where you can bypass the authorization.