From ca5f137530da63848af17f8b1c868a05d57d1293 Mon Sep 17 00:00:00 2001 From: rudaev Date: Sun, 5 Apr 2026 13:25:13 +0700 Subject: [PATCH] fix: nginx $http_authorization escaping in HOOKS_LOCATION_BLOCK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In entrypoint.sh, HOOKS_LOCATION_BLOCK is built as a double-quoted shell string. Using \\$var stores \ in the variable — when interpolated into the heredoc, nginx sees \ (escaped literal) instead of the variable $http_authorization, so the Authorization header from the upstream request is never forwarded to the gateway. Fix: use \ (single escape) so the variable stores bare $var, which the heredoc passes through correctly as a nginx variable reference. Same bug applied to $host, $remote_addr, $proxy_add_x_forwarded_for, and $scheme in the same block — all fixed. Symptom: hooks endpoint returns 401 after every container restart because nginx passes the literal string '$http_authorization' instead of the actual Authorization header value. --- scripts/entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 864eb0c..7705b56 100644 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -162,12 +162,12 @@ HOOKS_LOCATION_BLOCK="" if [ -n "$HOOKS_PATH" ]; then HOOKS_LOCATION_BLOCK="location ${HOOKS_PATH} { proxy_pass http://127.0.0.1:${GATEWAY_PORT}; - proxy_set_header Authorization \\\$http_authorization; + proxy_set_header Authorization \$http_authorization; - proxy_set_header Host \\\$host; - proxy_set_header X-Real-IP \\\$remote_addr; - proxy_set_header X-Forwarded-For \\\$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \\\$scheme; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; proxy_http_version 1.1;