Using a reverse proxy with basic auth not working.

[Gambitboy]

Hi,

I've been trying for a while but I can't seem to get Faraday working with a reverse proxy that has basic auth enabled.

Here is my code snippet using Net::HTTP:

require 'net/http'

uri = URI('destination_url_here')
req = Net::HTTP::Get.new(uri)
req.basic_auth 'username', 'password'

proxy = URI('proxy_ip_here')
req_options = {
  use_ssl: false
}
res = Net::HTTP.new(uri.hostname, uri.port, proxy.hostname, proxy.port, req_options).start do |http|
  http.request(req)
end

This example works, I'm doing a simple GET request to the root of my destination url.

Here is one of my attempts at using Faraday:

connection = Faraday.new(
  url: 'destination_url_here',
  proxy: proxy_ip_here,
  ssl: { verify: false }
) do |f|
  f.adapter Faraday.default_adapter
  f.request :authorization, :basic, 'username', 'password'
end
connection.get('/')

This example gives me a 401 on the reverse proxy itself. I've tried adding the basic auth directly in the header as well.
I've also tried adding the username and password inside the proxy url.

Anyone can help me with this?

[olleolleolle]

https://lostisland.github.io/faraday/#/customization/proxy-options

Seems like the proxy: keyword argument takes an options hash. Hope this helps!

[Gambitboy]

So I've tried it like this as well.

connection = Faraday.new(
  url: 'destination_url_here',
  proxy: {
    uri: proxy_ip_here,
    user: username,
    password: password
  },
  ssl: { verify: false }
) do |f|
  f.adapter Faraday.default_adapter
end
connection.get('/')

[iMacTia]

@Gambitboy Sorry I just noticed this thread! Did you manage to make this work?
Faraday's authorization middleware only sets the Authorization header, so that would explain why it doesn't work.

I looked at the faraday-net_http adapter implementation and I noticed that setting the proxy user and password has a slightly different behaviour compared to your working example above. I'm not sure how these are being used, but they might be different from basic auth.

Another way to make this work could be to simply add basic auth to the proxy address.
I'd also suggest adding the logging middleware to the connection so you can see what's going on exactly and potentially spot the issue.