Jenkins/Nginx - Double prompted for basic auth, why? Why is there an internal Jenkins auth?

Found the solution to my issue by searching for Nginx used as a reverse proxy for any other application with basic_auth.

Solution was the answer found here:https://serverfault.com/questions/511846/basic-auth-for-a-tomcat-app-jira-with-nginx-as-reverse-proxy

The line I was missing from my nginx configuration was:

 # Don't forward auth to Tomcat proxy_set_header   Authorization "";

By default, it appears that after basic auth Nginx will additionally forward the auth headers to Jenkins and this is what was leading to my issue. Jenkins receives the forwarded auth headers and then thinks it needs to authorize itself too?!

If we set our reverse proxy to not forward any authorization headers as shown above then everything works as it should. Nginx will prompt basic_auth and after successful auth we explicitly clear (reset?) the auth headers when forwarding to our reverse proxy.

I had this issue as well, in my case it was caused by having security enabled in jenkins itself, disabling security resolved the issue.

According to their docs:

If you do access control in Apache, do not enable security in Jenkins, as those two things will interfere with each other.

https://wiki.jenkins-ci.org/display/JENKINS/Apache+frontend+for+security

What seems to be happening is that nginx forwards the auth_basic response to jenkins, which attempts to perform auth_basic in response. I have not yet found a satisfying solution to the issue.