From c9ea3b0b0abc0c4725bdeed408a4d8cb5f748997 Mon Sep 17 00:00:00 2001 From: ale <ale@incal.net> Date: Fri, 6 Dec 2024 22:15:30 +0000 Subject: [PATCH] Add a README --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..9cb3f07 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ +Small server for the +[ngx_http_auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html) +NGINX module: authenticates users based on a static password file. + +The tool supports both Basic authentication (username and password) +and "bearer token" authentication where a single secret API key is +used. + +The password file must be JSON-encoded as a list of users, each with +the following attributes: + +* *name* - username +* *password* - encrypted password +* *api_tokens* (optional) - list of API secret tokens for bearer + authentication + +The Debian package installs a NGINX configuration snippet that should +be included in your virtual host configuration. The hard-coded +location for the http_auth_request module is */__auth*. An example +configuration that protects an API at localhost:1234 would look +something like the following: + +``` +server { + listen 443 ssl; + server_name my.server; + ssl_certificate ...; + ssl_certificate_key ...; + + include /etc/nginx/snippets/ula_auth.snippet; + + location / { + auth_request /__auth; + include /etc/nginx/proxy_params; + proxy_pass http://localhost:1234; + } +} +``` -- GitLab