I would like to authenticate HTTP and HTTPS clients using an external script through Nginx.

All the authentication scripts are already made and I will modify them in any way necessary to work with Nginx. The scripts query completely custom database servers and XML based authenticators so an external script is needed to work, for example, with the current implementation of Apache.

Basically, I am looking for similar functionality of mod_authnz_external from Apache in Nginx.

For example, when the client connects to a certain “location” specified in the nginx.conf, the Nginx server should ask them for their username and password using the standard pop-up box; just like when auth_basic is used. But, instead of checking a local file Nginx supplies the username and password to an external script. The external script will authenticate the user/pass pair and give a proper response back to Nginx to allow or deny. As long as the HTTP client is connected Nginx will know they are authenticated just like auth_basic.

At this point I was hoping for some opinions if I am on the right track to get Nginx to do what I need.

From what I could find, the “auth_http” directive looks like a possibility, but I wonder if it only works with POP3 and IMAP clients. Nginx will connect to a remote http server with the username and pass in the headers. I take those headers into my script and return with an OK or Invalid header response. I can write a small HTTP daemon responder to be my authenticator if “auth_http” is the right method.

Any other suggestions, ideas or opinions are very welcome. If anyone needs more information or if a point was unclear, I would be happy to respond to the list with more information. When I get external authentication working with Nginx I would be happy to share the complete setup with the list.
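
The header exchange described above (credentials arrive in request headers, the responder answers OK or Invalid in a response header), as an added example that is not part of the original post. The header names are those of the auth_http protocol in nginx's mail proxy module; the credential store, listen port 9000 and backend address are constructed for illustration, and a real responder would call the existing database/XML authenticators instead.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

_ITERATIONS = 100_000
_SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed credential store: username -> (salt, PBKDF2-HMAC-SHA256 digest).
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
_DUMMY = (_SALT, _hash("dummy", _SALT))  # hashed for unknown users too


def check_credentials(user, password):
    """True only for a known user with the right password.

    Unknown users go through the same hashing work and a constant-time
    comparison, so response time does not reveal which usernames exist.
    """
    salt, expected = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    return matches and user in USERS


def auth_response(headers):
    """Map the request headers to the response headers sent back to nginx."""
    user = headers.get("Auth-User", "")
    password = headers.get("Auth-Pass", "")
    if user and check_credentials(user, password):
        # Auth-Server/Auth-Port name the backend to proxy to (constructed values).
        return {"Auth-Status": "OK", "Auth-Server": "127.0.0.1", "Auth-Port": "143"}
    # Same message for bad user and bad password; Auth-Wait delays the retry.
    return {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)  # the verdict travels in headers, not the status
        for name, value in auth_response(self.headers).items():
            self.send_header(name, value)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only: this endpoint receives cleartext passwords.
    HTTPServer(("127.0.0.1", 9000), AuthHandler).serve_forever()
```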