Skip to content
Snippets Groups Projects
ale's avatar
ale authored
c9ea3b0b
History

Small server for the ngx_http_auth_request NGINX module: authenticates users based on a static password file.

The tool supports both Basic authentication (username and password) and "bearer token" authentication where a single secret API key is used.

The password file must be JSON-encoded as a list of users, each with the following attributes:

  • name - username
  • password - encrypted password
  • api_tokens (optional) - list of API secret tokens for bearer authentication

The Debian package installs a NGINX configuration snippet that should be included in your virtual host configuration. The hard-coded location for the http_auth_request module is /__auth. An example configuration that protects an API at localhost:1234 would look something like the following:

server {
  listen 443 ssl;
  server_name my.server;
  ssl_certificate ...;
  ssl_certificate_key ...;

  include /etc/nginx/snippets/ula_auth.snippet;

  location / {
    auth_request /__auth;
    include /etc/nginx/proxy_params;
    proxy_pass http://localhost:1234;
  }
}