Chapter 6. Authentication
NGINX is able to authenticate clients. Authenticating client requests with NGINX offloads work and provides the ability to stop unauthenticated requests from reaching your application servers. Modules available for NGINX Open Source include basic authentication and authentication subrequests. The NGINX Plus exclusive module for verifying JSON Web Tokens (JWTs) enables integration with third-party authentication providers that use the authentication standard OpenID Connect.
HTTP Basic Authentication
You need to secure your application or content via HTTP basic authentication.
Generate a file in the following format, where the password is encrypted or hashed with one of the allowed formats:
# comment
name1:password1
name2:password2:comment
name3:password3
The username is the first field, the password the second field, and the delimiter is a colon. There is an optional third field, which you can use to comment on each user. NGINX can understand a few different formats for passwords, one of which is a password encrypted with the C function crypt(). This function is exposed to the command line by the openssl passwd command. With openssl installed, you can create encrypted password strings by using the following command:
$ openssl passwd MyPassword1234
The output will be a string that NGINX can use in your password file.
auth_basic_user_file directives within your NGINX configuration ...
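A small auditor for the password file format described above, as an added example (it is not from the book or from NGINX): it parses name:password[:comment] entries and reports which hash scheme each entry uses. The scheme list follows the formats documented for auth_basic_user_file; the review policy, the function names and the sample entries are assumptions of this example, and whether $1$ or $6$ hashes verify depends on the platform's crypt().

```python
import re

# (prefix, scheme, needs_review); the review flags are this example's policy.
SCHEMES = [
    ("{PLAIN}", "plaintext", True),
    ("{SHA}", "unsalted SHA-1", True),
    ("{SSHA}", "salted SHA-1", False),
    ("$apr1$", "Apache MD5 (apr1)", False),
    ("$1$", "MD5 crypt", False),
    ("$6$", "SHA-512 crypt", False),
]
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(password_field):
    """Return (scheme, needs_review) for the second field of an entry."""
    for prefix, name, review in SCHEMES:
        if password_field.startswith(prefix):
            return name, review
    if DES_CRYPT.fullmatch(password_field):
        # Traditional crypt() uses only the first 8 characters of a password.
        return "DES crypt", True
    return "unrecognised", True

def audit(text):
    """Return (line_no, user, scheme, needs_review) for each entry in text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(":", 2)  # name:password[:comment]
        if len(fields) < 2 or not fields[0]:
            findings.append((line_no, fields[0], "malformed entry", True))
            continue
        findings.append((line_no, fields[0], *classify(fields[1])))
    return findings

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """# comment
name1:$apr1$abcdefgh$0123456789abcdefghijkl
name2:ab0123456789A:legacy account
name3:{PLAIN}MyPassword1234
name4:$6$saltsalt$placeholderhash
broken-line-without-colon
"""

if __name__ == "__main__":
    for line_no, user, scheme, review in audit(SAMPLE):
        print(f"line {line_no}: {user} -> {scheme}{' (review)' if review else ''}")
```

The 13-character check is a heuristic for traditional crypt() output, so a 13-character plaintext value in the password field would be reported as DES crypt rather than unrecognised.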