Chapter 6. Authentication
6.0 Introduction
NGINX is able to authenticate clients. Authenticating client requests with NGINX offloads work and provides the ability to stop unauthenticated requests from reaching your application servers. Modules available for NGINX Open Source include basic authentication and authentication subrequests. The NGINX Plus exclusive module for verifying JSON Web Tokens (JWTs) enables integration with third-party authentication providers that use the authentication standard OpenID Connect.
6.1 HTTP Basic Authentication
Problem
You need to secure your application or content via HTTP basic authentication.
Solution
Generate a file in the following format, where the password is encrypted or hashed with one of the allowed formats:
# comment
name1:password1
name2:password2:comment
name3:password3
The username is the first field, the password is the second field, and the delimiter is a colon. There is an optional third field, which you can use to comment on each user. NGINX can understand a few different formats for passwords, one of which is a password encrypted with the C function crypt(). This function is exposed to the command line by the openssl passwd command. With openssl installed, you can create encrypted password strings by using the following command:
$ openssl passwd MyPassword1234
The output will be a string that NGINX can use in your password file.
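The following linter is an added example, not code from the book: it parses a password file in the format described above and reports which password scheme each entry uses, so that cleartext or weak entries are caught before the file is deployed. The scheme names follow the NGINX documentation for auth_basic_user_file; the function name lint, the ok/review policy and the sample entries are assumptions made for this example.

```python
import re

# Constructed sample in the name:password[:comment] format; the hash strings
# only have the right shape, they are not hashes of real passwords.
SAMPLE = """\
# staff accounts
alice:$apr1$Qx3lT0aB$8sP0mJk1n2b3v4c5x6z7y/
bob:{PLAIN}hunter2:temporary account
carol:$6$saltsalt$abcdefghijklmnopqrstuv:migrated
dave:rqXexS6ZhobKA
erin
frank:MyPassword1234
"""

# (pattern, scheme label, acceptable under this example's policy), in order.
SCHEMES = [
    (re.compile(r"^\$apr1\$[^$]+\$.+"), "apr1", True),
    # Other $id$salt$hash strings go to crypt(); support depends on the platform.
    (re.compile(r"^\$(\w+)\$[^$]+\$.+"), "crypt-modular", True),
    (re.compile(r"^\{SSHA\}"), "SSHA", True),
    (re.compile(r"^\{SHA\}"), "SHA", False),      # unsalted SHA-1
    (re.compile(r"^\{PLAIN\}"), "PLAIN", False),  # cleartext
    # Traditional DES crypt() only uses the first 8 password characters.
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", False),
]

def lint(text):
    """Return (line_no, user, scheme, ok) for every non-comment line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 2)  # name, password, optional comment
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append((no, fields[0], "malformed", False))
            continue
        user, secret = fields[0], fields[1]
        for pattern, scheme, ok in SCHEMES:
            if pattern.match(secret):
                findings.append((no, user, scheme, ok))
                break
        else:  # nothing matched: likely a password pasted in as cleartext
            findings.append((no, user, "unrecognised", False))
    return findings

if __name__ == "__main__":
    for no, user, scheme, ok in lint(SAMPLE):
        print(f"line {no}: {user:<6} {scheme:<14} {'ok' if ok else 'REVIEW'}")
```

An entry reported as unrecognised, such as the frank line in the sample, is the typical result of writing the password itself into the file instead of the output of openssl passwd.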
Use the auth_basic and auth_basic_user_file directives within your NGINX configuration ...