Does NGINX read auth_basic_user_file on every connection?

Maxim Dounin mdounin at
Thu Sep 3 12:22:55 UTC 2020


On Thu, Sep 03, 2020 at 10:55:27AM +0530, RA wrote:

> How does NGINX process auth_basic_user_file?
> 1) Does it read it in entirety on every connection?


> 2) Does it read it line by line on every connection and stops 
> when a match is found?

No, though what nginx does is somewhat close.  It reads the user 
file by using a fixed-size buffer, and then scans the buffer 
contents to find lines.  As long as the user is found, it stops.  
See the code for further details.

> 3) Does it read it full on start and re-reads it only if the 
> file is changed?


> If its either 1 or 2, then is it not very inefficient to read a 
> file on just every connection? If the file has fairly large 
> number of entries (5-10mb), will it not affect the performance 
> of web server in general? There should be some "indexed" 
> approach to this.

Reading the user file is not generally a problem, since it is 
cached by OS.  Unwise choice of the password hashing algorithm 
usually have much larger impact on basic authentication and the 
performane of the web server in general, since basic 
authentication implies checking the password on each request.

On the other hand, using user files with fairly large number of 
entries might not be a good idea either.  If you want to deploy 
authentication in setups with many thousands of users, you may 
want to use different authentication mechanism.  In particular, 
you may plug your own, written in your favorite language, by using 
the auth_request directive, see here for details:

Maxim Dounin

More information about the nginx mailing list