In the last two days, I’ve had to solve a rather interesting problem. I have an nginx instance proxying various servers, and I need to be able to add an authentication layer that will authenticate people with an external source (such as a web app) and allow them to pass through the proxy if they have an account on the authentication source (the web app, in this example).
Exploring the requirements
I considered various solutions for this, and I will list a few alternatives:
- A simple Python/Flask module that would do the actual proxying and authentication.
- An nginx module that would authenticate using subrequests (nginx can now do that).
- Using nginx’s Lua module to write some authentication code.