Thanks Yichun,
The log destination was misconfigured - this is a development system and we lost track of things. It seems that effective management of multiple apps is going to require some thought.
I finally broke down and found an HTTP sniffer (http://www.tuffcode.com is the only good Mac citizen that I've found, although it gives up features to Charles and Wireshark) to diagnose the problem - the authentication request headers are being inherited by the sub-request. Since the upstream data source (CouchDB or Elasticsearch) is unauthenticated, this is a problem. A 401 is returned and there is no JSON content to parse.
I'd really like to remove all HTTP headers from ngx.location.capture and start from scratch with my own, as well as ensure that HTTP 1.1 is used. Amongst other issues, we really would prefer the upstream data source log requests using an easily identifiable internal user-agent. Ditto for all the other header junk passed on from the browser that initiated the request - it isn't wanted or needed.
What is the proper place/method to remove all these headers and explicitly add just our own to the ngx.location.capture request?
Thinking ahead, although this is currently running on a safe internal network, ultimately we should probably authenticate the ngx.location.capture phase using a client certificate. Is anyone doing anything like this?
david
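
The header inheritance described in this message, as an added configuration example (not from the original thread or the lua-nginx-module project): the subrequest made by `ngx.location.capture` carries the browser's headers by default, so the internal proxy location drops them all and sets its own. The location names, upstream address, and User-Agent string are assumptions, and `content_by_lua_block` assumes a recent lua-nginx-module release.

```nginx
# Constructed example: /api/docs, /internal/couch/, 127.0.0.1:5984 and the
# User-Agent value are placeholders, not values from the original message.
events {}

http {
    server {
        listen 8080;

        # Public endpoint: the browser request arrives here with its own
        # Authorization, Cookie, User-Agent and other headers.
        location /api/docs {
            content_by_lua_block {
                -- The subrequest inherits the parent request's headers by
                -- default; the stripping is done in the internal location.
                local res = ngx.location.capture("/internal/couch/_all_dbs")
                if res.status ~= 200 then
                    -- Fail closed: no JSON body to parse on a non-200 reply.
                    ngx.status = 502
                    ngx.say("upstream returned ", res.status)
                    return
                end
                ngx.print(res.body)
            }
        }

        location /internal/couch/ {
            internal;                          # reachable only via subrequest

            proxy_pass_request_headers off;    # forward none of the inherited headers
            proxy_http_version 1.1;            # speak HTTP/1.1 to the upstream

            # Headers sent upstream are now only the ones listed here.
            proxy_set_header Host $proxy_host;
            proxy_set_header User-Agent "internal-gateway/1.0";
            proxy_set_header Accept "application/json";

            proxy_pass http://127.0.0.1:5984/;
        }
    }
}
```

With this in place the upstream access log shows only the internal User-Agent, and the browser's Authorization and Cookie headers never leave the gateway.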