Add a README

c9ea3b0b · ale · 3dc1875f · c9ea3b0b
Commit c9ea3b0b authored 3 months ago by ale
--- a/README.md
+++ b/README.md
+Small server for the
+[ngx_http_auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html)
+NGINX module: authenticates users based on a static password file.
+
+The tool supports both Basic authentication (username and password)
+and "bearer token" authentication where a single secret API key is
+used.
+
+The password file must be JSON-encoded as a list of users, each with
+the following attributes:
+
+* *name* - username
+* *password* - encrypted password
+* *api_tokens* (optional) - list of API secret tokens for bearer
+  authentication
+
+The Debian package installs a NGINX configuration snippet that should
+be included in your virtual host configuration. The hard-coded
+location for the http_auth_request module is */__auth*. An example
+configuration that protects an API at localhost:1234 would look
+something like the following:
+
+```
+server {
+  listen 443 ssl;
+  server_name my.server;
+  ssl_certificate ...;
+  ssl_certificate_key ...;
+
+  include /etc/nginx/snippets/ula_auth.snippet;
+
+  location / {
+    auth_request /__auth;
+    include /etc/nginx/proxy_params;
+    proxy_pass http://localhost:1234;
+  }
+}
+```