How to use nginx to proxy to a host requiring NTLM authentication?

Basically the same issue as How to use nginx to proxy to a host requiring authentication? but this time using NTLM authentication. Unfortunately the company IIS doesn't accept basic authentication.

I need to configure nginx to use a single user domain account for all proxy requests. As a result client should not receive any credential prompt.


The Nginx customer service confirmied that nginx currently does not authenticate ntlm, only proxy that authentication to the upstream server with NGINX Plus


According to nginx documentation:

upstream http_backend {
    server 127.0.0.1:8080;

    ntlm;
}

Allows proxying requests with NTLM Authentication. The upstream connection is bound to the client connection once the client sends a request with the “Authorization” header field value starting with “Negotiate” or “NTLM”. Further client requests will be proxied through the same upstream connection, keeping the authentication context.

The "ntlm" option is available only for Nginx Plus. I created a custom module that is able to provide a similar functionality

gabihodoroaga/nginx-ntlm-module

There is also a blog post about this at hodo.dev