Bobcares

Nginx auth_request | Easy setup

by | Nov 16, 2022

The Nginx auth_request module implements client authorization based on the result of a subrequest. Let's go through its configuration steps with our Server Management Services at Bobcares.

Overview of Nginx auth_request


The auth_request module is not built by default; we enable it at build time with the --with-http_auth_request_module configuration parameter. The module can be combined with other access modules, such as the access module and the auth basic module.

Nginx and Nginx Plus can authenticate each request to the website with an external server or service. If the subrequest returns a 2xx response code, access is allowed. This type of authentication makes it possible to implement various authentication schemes.

Using Nginx auth_request

 

The auth_request module must be compiled into Nginx. When downloading the Nginx source and compiling it, we have to enable the auth_request module with its build flag. The auth_request module sits between the internet and the backend that Nginx passes requests to.

Nginx first forwards each request to a separate server to check whether the user is authenticated. It then uses that server's HTTP response to decide whether the request is allowed to continue to the backend.

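The example below shows the location that handles the auth_request subrequest in the Nginx configuration file.

Code:

location = /auth {
    # Forward the authorization subrequest to the authentication server
    proxy_pass http://auth-server;
    # The decision is made from headers and cookies, so the body is not sent
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    # Tell the authentication server which URI the client originally requested
    proxy_set_header X-Original-URI $request_uri;
}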

The auth_request directive enables authorization based on the result of a subrequest and sets the URI to which the subrequest will be sent. Below is the syntax of Nginx auth_request:

Syntax:

auth_request uri | off;

The auth_request module does not log users in by itself. It relies on a service that handles an HTTP request and returns HTTP 401 or 200, depending on whether the user is logged in.

To accomplish this, we can use the open-source project Vouch, which is easy to deploy and is configured with a single YAML file. Vouch authenticates users against a variety of OpenID and OAuth backends such as Google or GitHub.

To configure the server block, we add the auth_request directive to the Nginx configuration file. Pointing auth_request at the vouch-validate location enables the flow: it tells the auth_request module to first send a request to that URI and use the answer to decide whether the request may continue to the backend server.

The vouch-validate location captures that URL and proxies it to the Vouch server listening on port 9090. There is no need to send the POST body to Vouch, because what we care about is the cookie.
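A minimal stand-in for the authentication service described above, added here as an example (it is not Vouch and not code from the original article): it answers the auth_request subrequest with 200 or 401 depending on whether a validly signed session cookie is present. The cookie name, the secret, the HMAC signing scheme and the reuse of port 9090 are assumptions made for the illustration.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = b"demo-only-secret"  # constructed value; load from a secret store in practice
COOKIE = "session"            # hypothetical cookie name set by a login page

def sign(user):
    """Build the cookie value a login page would issue: user.HMAC(user)."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def user_from_cookie(cookie_header):
    """Return the user name if the session cookie verifies, else None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    if COOKIE not in jar:
        return None
    value = jar[COOKIE].value
    user = value.rpartition(".")[0]
    if user and hmac.compare_digest(value.encode(), sign(user).encode()):
        return user
    return None

def decide(headers):
    """200 lets Nginx continue to the backend; 401 makes it deny the request."""
    return 200 if user_from_cookie(headers.get("Cookie", "")) else 401

class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status = decide(self.headers)
        # X-Original-URI is the header set in the /auth location shown earlier
        self.log_message("%s -> %d", self.headers.get("X-Original-URI", "-"), status)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_POST = do_GET  # same answer whatever method reaches the service

if __name__ == "__main__":
    # Bind to loopback only: Nginx should be the sole client of this service
    HTTPServer(("127.0.0.1", 9090), AuthHandler).serve_forever()
```

A missing, malformed or tampered cookie always yields 401, so the service fails closed.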

 

Nginx auth_request configuration

 

The steps below show the Nginx auth_request configuration. First, we install Nginx on the system.

 

1. Install the Nginx server.

apt-get install nginx
 

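2. Check the version of the Nginx server. The capital -V option also prints the configure arguments, where --with-http_auth_request_module should appear.

nginx -V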
 

3. Once the Nginx installation is complete, open the Nginx configuration file to change the port number. We do this with the vi editor.

4. Configure request authentication with the auth_request directive as shown.

Code:

location /private/ {
    auth_request /auth;
}

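5. Next, specify the proxy_pass directive inside the location that handles the authentication subrequest, so that the subrequest is proxied to the authentication server.

location = /auth {
    # internal: only Nginx subrequests can reach this location, not clients
    internal;
    proxy_pass http://auth-server;
}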

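6. Now set a variable from the result of the authentication subrequest with auth_request_set, as below.

Code:

location /private/ {
    auth_request /auth;
    # Keep the auth server's response status for later use, for example in logs
    auth_request_set $auth_status $upstream_status;
}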

7. Finally, check the syntax of the configuration file. If the syntax is OK, proceed with restarting the Nginx service. If the check reports an error, correct the configuration file before restarting.

service nginx restart
 


Conclusion

 
To sum up, the Nginx auth_request module is not built by default; we enable it with the auth request configuration parameter at build time. When the subrequest returns a 401 or 403, access is denied. Any other response code returned by the subrequest is considered an error.
