book

NGINX Cookbook

by Derek DeJonghe

October 2020

Intermediate to advanced

203 pages

4h 14m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1.0. Introduction1.1. Installing on Debian/Ubuntu1.2. Installing on RedHat/CentOS1.3. Installing NGINX Plus1.4. Verifying Your Installation1.5. Key Files, Directories, and Commands1.6. Serving Static Content1.7. Graceful Reload
2.0. Introduction2.1. HTTP Load Balancing2.2. TCP Load Balancing2.3. UDP Load Balancing2.4. Load-Balancing Methods2.5. Sticky Cookie with NGINX Plus2.6. Sticky Learn with NGINX Plus2.7. Sticky Routing with NGINX Plus2.8. Connection Draining with NGINX Plus2.9. Passive Health Checks2.10. Active Health Checks with NGINX Plus2.11. Slow Start with NGINX Plus
3.0. Introduction3.1. A/B Testing3.2. Using the GeoIP Module and Database3.3. Restricting Access Based on Country3.4. Finding the Original Client3.5. Limiting Connections3.6. Limiting Rate3.7. Limiting Bandwidth
4.0. Introduction4.1. Caching Zones4.2. Cache Locking4.3. Caching Hash Keys4.4. Cache Bypass4.5. Cache Performance4.6. Cache Purging with NGINX Plus4.7. Cache Slicing
5.0. Introduction5.1. NGINX Plus API5.2. Using the Key-Value Store with NGINX Plus5.3. Extending NGINX with a Common Programming Language5.4. Installing with Puppet5.5. Installing with Chef5.6. Installing with Ansible5.7. Installing with SaltStack5.8. Automating Configurations with Consul Templating
6.0. Introduction6.1. HTTP Basic Authentication6.2. Authentication Subrequests6.3. Validating JWTs with NGINX Plus6.4. Creating JSON Web Keys6.5. Validate JSON Web Tokens with NGINX Plus6.6. Automatically Obtaining and Caching JSON Web Key Sets with NGINX Plus6.7. Authenticate Users via Existing OpenID Connect SSO with NGINX Plus
7.0. Introduction7.1. Access Based on IP Address7.2. Allowing Cross-Origin Resource Sharing7.3. Client-Side Encryption7.4. Advanced Client-Side Encryption7.5. Upstream Encryption7.6. Securing a Location7.7. Generating a Secure Link with a Secret7.8. Securing a Location with an Expire Date7.9. Generating an Expiring Link7.10. HTTPS Redirects7.11. Redirecting to HTTPS Where SSL/TLS Is Terminated Before NGINX7.12. HTTP Strict Transport Security7.13. Satisfying Any Number of Security Methods7.14. NGINX Plus Dynamic Application Layer DDoS Mitigation7.15. Installing and Configuring NGINX Plus App Protect Module
8.0. Introduction8.1. Basic Configuration8.2. gRPC8.3. HTTP/2 Server Push

9.0. Introduction9.1. Serving MP4 and FLV9.2. Streaming with HLS with NGINX Plus9.3. Streaming with HDS with NGINX Plus9.4. Bandwidth Limits with NGINX Plus
10.0. Introduction10.1. Auto-Provisioning on AWS10.2. Routing to NGINX Nodes Without an AWS ELB10.3. The NLB Sandwich10.4. Deploying from the AWS Marketplace10.5. Creating an NGINX Virtual Machine Image on Azure10.6. Load Balancing Over NGINX Scale Sets on Azure10.7. Deploying Through the Azure Marketplace10.8. Deploying to Google Compute Engine10.9. Creating a Google Compute Image10.10. Creating a Google App Engine Proxy
11.0. Introduction11.1. Using NGINX as an API Gateway11.2. Using DNS SRV Records with NGINX Plus11.3. Using the Official NGINX Image11.4. Creating an NGINX Dockerfile11.5. Building an NGINX Plus Docker Image11.6. Using Environment Variables in NGINX11.7. Kubernetes Ingress Controller11.8. Prometheus Exporter Module
12.0. Introduction12.1. NGINX Plus HA Mode12.2. Load-Balancing Load Balancers with DNS12.3. Load Balancing on EC212.4. NGINX Plus Configuration Synchronization12.5. State Sharing with NGINX Plus and Zone Sync
13.0. Introduction13.1. Enable NGINX Open Source Stub Status13.2. Enabling the NGINX Plus Monitoring Dashboard13.3. Collecting Metrics Using the NGINX Plus API
14.0. Introduction14.1. Configuring Access Logs14.2. Configuring Error Logs14.3. Forwarding to Syslog14.4. Request Tracing14.5. OpenTracing for NGINX
15.0. Introduction15.1. Automating Tests with Load Drivers15.2. Keeping Connections Open to Clients15.3. Keeping Connections Open Upstream15.4. Buffering Responses15.5. Buffering Access Logs15.6. OS Tuning
16.0. Introduction16.1. Setup Overview16.2. Connecting NGINX Plus with Controller16.3. Driving NGINX Controller with the API16.4. Enable WAF Through Controller App Security
17.0. Introduction17.1. Using Includes for Clean Configs17.2. Debugging Configs

Content preview from NGINX Cookbook

Chapter 6. Authentication

6.0 Introduction

NGINX is able to authenticate clients. Authenticating client requests with NGINX offloads work and provides the ability to stop unauthenticated requests from reaching your application servers. Modules available for NGINX Open Source include basic authentication and authentication subrequests. The NGINX Plus exclusive module for verifying JSON Web Tokens (JWTs) enables integration with third-party authentication providers that use the authentication standard OpenID Connect.

6.1 HTTP Basic Authentication

Problem

You need to secure your application or content via HTTP basic authentication.

Solution

Generate a file in the following format, where the password is encrypted or hashed with one of the allowed formats:

# comment
name1:password1
name2:password2:comment
name3:password3

The username is the first field, the password the second field, and the delimiter is a colon. There is an optional third field, which you can use to comment on each user. NGINX can understand a few different formats for passwords, one of which is whether the password is encrypted with the C function crypt(). This function is exposed to the command line by the openssl passwd command. With openssl installed, you can create encrypted password strings by using the following command:

$ openssl passwd MyPassword1234

The output will be a string that NGINX can use in your password file.

Use the auth_basic and auth_basic_user_file directives within your NGINX configuration ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781492078470Errata Page

NGINX Cookbook

by Derek DeJonghe

Chapter 6. Authentication

6.0 Introduction

6.1 HTTP Basic Authentication

Problem

Solution

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

NGINX Cookbook

NGINX Cookbook

NGINX Cookbook, 2nd Edition

Mastering NGINX - Second Edition

Publisher Resources

Chapter 6. Authentication

6.0 Introduction

6.1 HTTP Basic Authentication

Problem

Solution

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

NGINX Cookbook

NGINX Cookbook

NGINX Cookbook, 2nd Edition

Mastering NGINX - Second Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.