Nginx – Authentication with NGINX

Tags: nginx, proxy, ubuntu-16.04

I am running a set of NGINX proxies using basic browser authentication with the htpasswd file for users.

I have built a small application with Laravel that authenticates the user and presents them a list of links to these nginx proxies.

I am looking to update the nginx authentication to something like JWT tokens, however I am not sure that would be secure enough without an API behind it to validate the actual token itself?

The other option I was thinking of was an LDAP solution, with both Laravel and the NGINX proxies using the LDAP authentication.

The apps that sit behind the nginx proxy do not have any authentication and we have 0 intention of adding any to them at this time.

Best Answer

Nginx includes the request auth module, which

implements client authorization based on the result of a subrequest. If the subrequest returns a 2xx response code, the access is allowed. If it returns 401 or 403, the access is denied with the corresponding error code. Any other response code returned by the subrequest is considered an error.

For the 401 error, the client also receives the “WWW-Authenticate” header from the subrequest response.

Two possibilities come to my mind:

  • You could extend your existing Laravel application so that it would be possible to "link to it" from Nginx, which would take the user to a "Login" page, and, if authenticated, sends a "200 OK" response to Nginx.
  • You could first check out existing solutions that leverage this technique, for example Nginx LDAP Auth.

Elaborating on the second answer:

  • If the account data is indeed stored in LDAP, you could write a script which is executed regularly via cron for example, which pulls the data out of LDAP and writes it into a htpasswd file to be read by Nginx.
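
A minimal nginx configuration for the first possibility in the answer above, added here as an example and not part of the original answer. The hostnames, certificate paths, backend address, the `/auth/check` and `/login` routes and the `X-Auth-User` header are all assumptions.

```nginx
# Added example: all names, addresses and routes below are assumptions.
server {
    listen 443 ssl;
    server_name app1.example.internal;            # hypothetical proxy host
    ssl_certificate     /etc/nginx/tls/app1.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/app1.key;

    location / {
        # Each request triggers a subrequest: 2xx allows, 401/403 denies,
        # any other status is treated as an error (fails closed).
        auth_request /_auth;

        # Take the identity from the auth service response and overwrite
        # any same-named header the client sent, so it cannot be spoofed.
        auth_request_set $auth_user $upstream_http_x_auth_user;
        proxy_set_header X-Auth-User $auth_user;

        # Send unauthenticated browsers to the Laravel login page.
        error_page 401 = @login;

        proxy_pass http://127.0.0.1:8080;         # backend app with no auth of its own
    }

    location = /_auth {
        internal;                                 # clients cannot request this directly
        proxy_pass https://portal.example.internal/auth/check;  # hypothetical Laravel route
        proxy_pass_request_body off;              # the check only needs headers and cookies
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Host $host;
    }

    location @login {
        # The portal must validate "next" against known proxy hosts
        # before redirecting back, or this becomes an open redirect.
        return 302 https://portal.example.internal/login?next=$scheme://$host$request_uri;
    }
}
```

For the browser to present the Laravel session cookie to the proxy host, the cookie has to be scoped to a domain both hosts share. The backend should listen only on loopback (or be firewalled to the proxy) so it cannot be reached around nginx.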