HTTP Authentication through database
lhmwzy at gmail.com
Thu Oct 22 08:22:59 UTC 2015
How about using ngx_lua?
2015-10-22 16:05 GMT+08:00 JaminVP <nginx-forum at nginx.us>:
> I recently stumbled onto Nginx while researching a way to protect my
> Elasticsearch server without using Elastic Shield.
> My setup has a Windows Server box containing a webserver which has Kibana
> deployed on port 8080. The box also runs Elasticsearch as a service which
> listens to port 9200. The Kibana web application is protected by a filter
> which checks the HTTP-request header for the user-id and checks a database
> if this user-id is allowed to access Kibana.
> Unfortunately, Kibana has to send queries and requests to Elasticsearch from
> the user's browser. Hence Elasticsearch has to be accessible for the user.
> This allows unauthorized users to send REST-requests to the Elasticsearch
> server, making this a potential security threat.
> My solution to this problem would be to implement Nginx as a reverse proxy
> on the box, forcing the HTTP-requests to pass Nginx before being allowed to
> access Elasticsearch, which would then only be accessible on the box's
> localhost. The authentication would be processed by Nginx's
> http_auth_request_module, but I don't quite understand how to implement a
> service to which I redirect this auth request to.
> I found this StackOverflow page to be the most insightful:
> , but it still doesn't explain how to actually implement the authentication
> My preferred way of writing this service would be through Java and wrapping
> it as a service. I understand that the service should return the HTTP-code
> 200 if the authentication is successful and something else if it isn't. I'd
> like to process the HTTP-request in the same way I processed the
> HTTP-request in the filter I used to validate Kibana-users.
> Any tips to get me started on writing a Java-application that would act as
> an authentication service?
> If this isn't possible in Java, is there a way to do it in Perl or Python?
> Posted at Nginx Forum:
> nginx mailing list
> nginx at nginx.org
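
An added example, not part of either post: a minimal Python service that the auth_request subrequest could be proxied to, looking the user-id header up in a database and answering 200, 401 or 403. The header name `X-User-Id`, the `kibana_users` table, port 9000 and the sample users are assumptions; the in-memory SQLite table stands in for the real database.

```python
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer

# nginx side (standard directives; addresses are assumptions):
#   location / { auth_request /auth; proxy_pass http://127.0.0.1:9200; }
#   location = /auth { internal; proxy_pass http://127.0.0.1:9000;
#                      proxy_pass_request_body off;
#                      proxy_set_header Content-Length ""; }

USER_HEADER = "X-User-Id"  # hypothetical name; the post does not name the header
# Assumption: this header is set by a trusted component in front of nginx.
# A header the browser can set freely is not proof of identity.

def make_db(allowed):
    """Constructed sample table standing in for the real user database."""
    db = sqlite3.connect(":memory:", check_same_thread=False)
    db.execute("CREATE TABLE kibana_users (user_id TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO kibana_users VALUES (?)", [(u,) for u in allowed])
    return db

def decide(headers, db):
    """Status for nginx: 2xx allows the request, 401/403 deny it."""
    user_id = (headers.get(USER_HEADER) or "").strip()
    if not user_id:
        return 401  # no identity presented
    # Parameterized query: the header value is never spliced into the SQL text.
    row = db.execute(
        "SELECT 1 FROM kibana_users WHERE user_id = ?", (user_id,)
    ).fetchone()
    return 200 if row else 403

def make_handler(db):
    class AuthHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                status = decide(self.headers, db)
            except sqlite3.Error:
                status = 500  # any other code is an error to nginx: fails closed
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        # Answer identically for whichever method nginx forwards.
        do_POST = do_PUT = do_DELETE = do_HEAD = do_GET
    return AuthHandler

if __name__ == "__main__":
    db = make_db(["alice", "bob"])  # constructed sample users
    HTTPServer(("127.0.0.1", 9000), make_handler(db)).serve_forever()
```

Binding the service and Elasticsearch to 127.0.0.1 keeps both reachable only through nginx, which is the arrangement the question describes.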