Small server for the ngx_http_auth_request NGINX module: authenticates users based on a static password file.
The tool supports both Basic authentication (username and password) and "bearer token" authentication where a single secret API key is used.
The password file must be JSON-encoded as a list of users, each with the following attributes:
- name - username
- password - encrypted password
- api_tokens (optional) - list of API secret tokens for bearer authentication
The Debian package installs a NGINX configuration snippet that should be included in your virtual host configuration. The hard-coded location for the http_auth_request module is /__auth. An example configuration that protects an API at localhost:1234 would look something like the following:
server {
listen 443 ssl;
server_name my.server;
ssl_certificate ...;
ssl_certificate_key ...;
include /etc/nginx/snippets/ula_auth.snippet;
location / {
auth_request /__auth;
include /etc/nginx/proxy_params;
proxy_pass http://localhost:1234;
}
}