Chapter 6. Authentication

6.0 Introduction

NGINX is able to authenticate clients. Authenticating client requests with NGINX offloads work and provides the ability to stop unauthenticated requests from reaching your application servers. Modules available for NGINX Open Source include basic authentication and authentication subrequests. The NGINX Plus–exclusive module for verifying JSON Web Tokens (JWTs) enables integration with third-party authentication providers that use the authentication standard OpenID Connect. This chapter will cover the various ways to use NGINX in conjunction with authentication to secure resources.

6.1 HTTP Basic Authentication

Problem

You need to secure your application or content via HTTP basic authentication.

Solution

Generate a file in the following format, where the password is encrypted or hashed with one of the allowed formats:

# comment
name1:password1
name2:password2:comment
name3:password3

The username is the first field, the password the second field, and the delimiter is a colon. There is an optional third field, which you can use to comment on each user. NGINX can understand a few different formats for passwords, one of which is a password encrypted with the C function crypt(). This function is exposed to the command line by the openssl passwd command. With openssl installed, you can create encrypted password strings by using the following command:

$ openssl passwd MyPassword1234

The output will be a string that NGINX can use in ...

Get NGINX Cookbook, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.