authenticationnginxcertificate

ways of authentication with Nginx


I am new to Nginx, so please bear with me if my question is obvious.

I am looking for ways to authenticate users to the Nginx server. From my research I've understood there are two primary options:

  1. End-user sends a request that contains the private key (in the header for example) to Nginx, Ngnix sends the authentication to auth server and the Ngnix gets an answer if the user authenticated or not.

  2. The second option is, Nginx plus (A service that costs money), and the Nginx handles the authentication process - If someone knows an open-source version of this option it would be the best.

I would really appreciate the help, thank you all!


Solution

    1. The old good Basic authentication still exists, among with the ngx_http_auth_basic_module. Unfortunately the only algorithm that is implemented by nginx itself is the old and weak apache MD5, however using glibc based host systems you have some other options. You can find out more details here.

    2. You can authenticate your users using client-side certificates. There are many articles all over the internet; here is the Client-Side Certificate Authentication with Nginx from the first search results page by google.

    3. You can use the js_content directive from njs module as the auth location content handler (instead of proxying auth request to some backend app). Or you can do both things, you may find the Validating OAuth 2.0 Access Tokens with NGINX and NGINX Plus article to be very interesting.

    4. You can implement almost every authentication mechanism you can ever imagine using the famous lua-nginx-module. Some useful links (again, from the very first page of google search results) are

    5. Although this one related only to Nginx Plus, to made the answer complete I had to mention ngx_http_auth_jwt_module and a few official articles from F5: