Authentication/access control module for reverse proxy NGINX
Sergey Brester
serg.brester at sebres.de
Wed Feb 22 22:42:10 UTC 2017
Hi,
you can use "auth_request" (see
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html)
that can take full authorization control you wanted, e. g. authorize via
your own internal location to some backend (ruby, etc.), additionally
you can use there all features nginx supported, for example you can use
nginx-caching (by credential as key) in this location to control the
time expiration, etc.
Regards,
sebres.
Am 22.02.2017 23:16, schrieb Jun Chen via nginx-devel:
> Hi everyone,
>
> I am looking for a module which does the authentication/access control
> for reverse proxy (preferable `nginx`). This module should do:
>
> 1. user authentication using credential stored in database (such as
> postgres)
> 2. Monitoring the ongoing connection and take action if certain access
> credential is met. For example, time is expired
> 3. open source (allow customization) and nginx, ruby(rails) preferable.
>
> It seems that [`OpenResty`][1] with `nginx` can do the job. Here is an
> [article][2] talking about access control with `Lua` on `nginx`. Here
> is an example (`nginx and Lua`) giving me impression that a snippet of
> file could executed for access (`access_by_lua_file`):
>
> server {
> listen 8080;
>
> location / {
> auth_basic "Protected Elasticsearch";
> auth_basic_user_file passwords;
>
> access_by_lua_file '../authorize.lua'; #<<<=====
>
> proxy_pass http://elasticsearch;
> proxy_redirect off;
> }
>
> }
>
> I am new to access control with reverse proxy. Any thought is
> appreciated.
>
> [1]: https://github.com/openresty/lua-nginx-module
> [2]: Playing HTTP Tricks with Nginx [1]
Links:
------
[1] https://www.elastic.co/blog/playing-http-tricks-nginx
More information about the nginx-devel
mailing list