1

I want to find a secure but simple method for authenticating users in an Nginx environment. I have succeeded in figuring out the auth_basic mod but that does not meet my needs. I specifically want to supply my own form, get the username and PW, check it against my DB with a CGI program, and then pass values back to Nginx.

I need explained examples for nginx.conf. I can write my own backend in C for authentication, that is not part of my question.

1) What should nginx.conf look like?

2) How do I pass back success or failure to the nginx module I would use for this?

DisgruntledUser
  • When you say "supply my own form", do you mean an HTML webpage that POSTs this information back to the application server? Or do you mean the authentication prompt that the browser pops up? – jamieb Aug 20 '12 at 00:12
  • Yes, that is what I mean, an html form that passes success or failure back to the nginx server. I don't want to use the authentication interface that auth_basic uses. I know how to do the html and cgi part of it but I do not know how to pass values back to nginx. – DisgruntledUser Sep 04 '12 at 19:01

1 Answer

2

You'd need to write an nginx module to do this. Why do you want to?

If you're looking to handle auth in your application, then just do it all yourself with forms, session cookies (which you'd need anyway if you're using a form), and authorization checks, without using HTTP's built-in authentication mechanisms.

Shane Madden
  • It seems like overkill to write my own module. Someone else said that I could do this with the auth_request module but it doesn't seem to work. I can't even get nginx to recognize it. It says: nginx: [emerg] unknown directive "auth_request" in /etc/nginx/nginx.conf:13 nginx: configuration file /etc/nginx/nginx.conf test failed – DisgruntledUser Aug 19 '12 at 22:25
  • One of the main reasons that I want to do this with nginx is because I can then use the map directive to lock users into their own directory, sort of like a chroot, without all the overhead and the setuid risk. – DisgruntledUser Aug 19 '12 at 22:33
  • I am coming back to this project after a bit of a delay. I just realized that auth_request is not compiled into my version of nginx -- my bad. – DisgruntledUser Aug 19 '12 at 23:17
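
An added illustration, not part of the original thread, of the auth_request approach mentioned in the comments: a constructed nginx.conf in which a backend checks the session cookie set by the login form and reports success or failure through its HTTP status code. The hostname, file paths, backend address (an HTTP service rather than CGI) and the `X-Auth-User` header are assumptions.

```nginx
# Added example. Needs nginx built with --with-http_auth_request_module;
# without it nginx reports: unknown directive "auth_request".
events {}

http {
    server {
        listen 443 ssl;
        server_name example.test;                        # placeholder
        ssl_certificate     /etc/nginx/tls/example.crt;  # placeholder paths
        ssl_certificate_key /etc/nginx/tls/example.key;

        # Protected content: each request first triggers a subrequest to /_auth.
        location / {
            auth_request /_auth;
            # Copy the (assumed) X-Auth-User response header into a variable.
            auth_request_set $auth_user $upstream_http_x_auth_user;
            # Per-user document root. The backend must return only a vetted
            # name (no "/" or ".."), since it becomes part of a filesystem path.
            root /srv/users/$auth_user;
            # Unauthenticated browsers are sent to the form instead of a bare 401.
            error_page 401 = @login;
        }

        # The auth check. Status of the backend's reply decides the outcome:
        #   2xx -> request allowed; 401 or 403 -> denied; anything else -> 500.
        location = /_auth {
            internal;                                # not reachable by clients
            proxy_pass http://127.0.0.1:9000/check;  # assumed backend endpoint
            proxy_pass_request_body off;             # only headers are needed
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }

        # Login form and its POST handler, served by the backend without
        # auth_request. On success the backend sets the session cookie
        # (Secure; HttpOnly) that /_auth later validates.
        location /login {
            proxy_pass http://127.0.0.1:9000;
        }

        location @login {
            return 302 /login;
        }
    }
}
```

The subrequest carries the client's request headers, including `Cookie`, so the backend needs no request body to validate a session.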