Ping a Specific Port

Question

PHELMS

Asked: 2017-10-16 11:28:51 +0800 CST2017-10-16 11:28:51 +0800 CST 2017-10-16 11:28:51 +0800 CST

Authentication with NGINX

772

I am running a set of NGINX proxies using basic browser authentication with the htpasswd file for users.

I have built a small application with Laravel that authenticates the user and presents them a list of links to these nginx proxies.

I am looking to update the nginx authentication to something like JWT tokens, however I am not sure that would be secure enough without an API behind it to validate the actual token itself?

The other option I was thinking was LDAP solution and having both Laravel and the NGINX proxies using the ldap authentication.

The apps that site behind the nginx proxy do not have any authentication and we have 0 intention of adding any to them at this time

2 Answers

Voted

gxx · Answer 1 · 2017-10-16T13:39:55+08:00

Best Answer

gxx

2017-10-16T13:39:55+08:002017-10-16T13:39:55+08:00

Nginx includes the request auth module, which

implements client authorization based on the result of a subrequest. If the subrequest returns a 2xx response code, the access is allowed. If it returns 401 or 403, the access is denied with the corresponding error code. Any other response code returned by the subrequest is considered an error.

For the 401 error, the client also receives the “WWW-Authenticate” header from the subrequest response.

Two possibilities come to my mind:

You could extend your existing Laravel application so that it would be possible to "link to it" from Nginx, which would take the user to a "Login" page, and, if authenticated, sends a "200 OK" response to Nginx.
You could check out first existing solutions, leveraging this technique, for example Nginx LDAP Auth.

Elaborating on the second answer:

If the account data is indeed stored in LDAP, you could write a script which is executed regularly via cron for example, which pulls the data out of LDAP and writes it into a htpasswd file to be read by Nginx.

2

user439837 · Answer 2 · 2017-10-16T12:19:45+08:00

user439837

2017-10-16T12:19:45+08:002017-10-16T12:19:45+08:00

Nginx doesn't have a built-in way to do this. It can only do htpasswd authentication and per-IP allow/deny rules.

Nginx Plus has a way to do this, and it's described in detail on the Nginx blog

0

Authentication with NGINX

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?