Authentication/access control module for reverse proxy NGINX

Sergey Brester serg.brester at sebres.de
Wed Feb 22 22:42:10 UTC 2017


Hi,

you can use "auth_request" (see 
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html)

that can take full authorization control you wanted, e. g. authorize via 
your own internal location to some backend (ruby, etc.), additionally 
you can use there all features nginx supported, for example you can use 
nginx-caching (by credential as key) in this location to control the 
time expiration, etc.

Regards,
sebres.

Am 22.02.2017 23:16, schrieb Jun Chen via nginx-devel:

> Hi everyone,
> 
> I am looking for a module which does the authentication/access control 
> for reverse proxy (preferable `nginx`). This module should do:
> 
> 1. user authentication using credential stored in database (such as 
> postgres)
> 2. Monitoring the ongoing connection and take action if certain access 
> credential is met. For example, time is expired
> 3. open source (allow customization) and nginx, ruby(rails) preferable.
> 
> It seems that [`OpenResty`][1] with `nginx` can do the job. Here is an 
> [article][2] talking about access control with `Lua` on `nginx`. Here 
> is an example (`nginx and Lua`) giving me impression that a snippet of 
> file could executed for access (`access_by_lua_file`):
> 
> server {
> listen 8080;
> 
> location / {
> auth_basic "Protected Elasticsearch";
> auth_basic_user_file passwords;
> 
> access_by_lua_file '../authorize.lua'; #<<<=====
> 
> proxy_pass http://elasticsearch;
> proxy_redirect off;
> }
> 
> }
> 
> I am new to access control with reverse proxy. Any thought is 
> appreciated.
> 
> [1]: https://github.com/openresty/lua-nginx-module
> [2]: Playing HTTP Tricks with Nginx [1]


Links:
------
[1] https://www.elastic.co/blog/playing-http-tricks-nginx


More information about the nginx-devel mailing list