user authentication with nginx

Bob Stanton farseas at gmail.com
Sun Aug 19 22:37:39 UTC 2012


I am not clear on how this would work in the nginx.conf file.

Also, aren't there security risks using the headers?  Can't someone spoof
the headers and gain access that way?

Like I said, this is all rather unclear to me.



On Sun, Aug 19, 2012 at 6:24 PM, Jonathan Matthews
<contact at jpluscplusm.com>wrote:

> On 19 August 2012 22:32, Bob Stanton <farseas at gmail.com> wrote:
> > I want to find a secure but simple method for authenticating users in an
> > Nginx environment.
> >
> > I have succeeded in figuring out the auth_basic mod but that does not
> meet
> > my needs.
> >
> > I specifically want to supply my own form, get the username and PW,
> check it
> > against my DB with a CGI program, and then pass values back to Nginx.
>
> Use proxy_pass (http://nginx.org/r/proxy_pass) or fastcgi_pass
> (http://nginx.org/r/fastcgi_pass) to communicate the Auth headers to
> your daemon, which should then respond with whatever page you want
> your users to see in the event of auth success or failure.
>
> There are many configuration examples for these on the interwebs.
>
> Jonathan
> --
> Jonathan Matthews
> Oxford, London, UK
> http://www.jpluscplusm.com/contact.html
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120819/ab7e7d69/attachment.html>


More information about the nginx mailing list