Welcome! Log In Create A New Profile

Advanced

How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

Previous Message Next Message
Forum List Message List New Topic Print View
Anonymous User
April 12, 2013 05:36PM
Hi,

I just started with a small company that's got a bunch of web apps being
served up from a bunch of different web servers. Some are 'appliances',
most are Apache.

It's a mess of an infrastrucutre -- slow and . My long term plan is to
convert to one lighter weight platform with commercial support
available. Although I haven't used it myself for anything in production
yet, after a bunch of reading and some fooling around on my own, I'm 99%
sure it's going to be Nginx.

In the short term -- like the boss wants it yesterday! -- I need to put
everything behind two factor authentication and enable SSL. Right now,
every web app is directly exposed to the web with single-factor auth
over http://.

In principle, I think I can solve this in one nginx instance. Setting
nginx up to listen on one IP, and serve up separate SSL certificates for
each web app is brilliantly easy in nginx! Works perfectly. SO that
part's basically done.

The auth piece has me scratching my head -- and I hope somebody here can
provide some guidance.

What I want to do is have all access to the webapps FIRST go through a
two factor authentication webpage in nginx. The two factors I need are
(1) a simple password known to the user, and (2) a
GoogleAuthenticator-generated token/passcode.

ONLY on correct & timely enter of both do I want the user passed through
to the webapp on one of those servers I mentioned. But once they do,
the 'authentication site' should become trabsparent and not interfere at
all with the session, etc.

I'm not sure how to:

(1) implement Google AUthenticator integration in Nginx. I've looked
for something built-in, or some plugin, which would be fantastic. But
I've haven't found anything reliable yet.
(2) make sure that after Authentication is OK to make everything
transparent to & from the webapps behind the nginx instance. Is this
proxying? I'm pretty sure I need to pass some sort of variables, but is
there some setting that bundles up everything so it's fully transparent?

Are there any built-in ways -- and better yet, good tutorials! -- that
exist alrady for these? I doubt I've thought up anything new here, so
I'm hoping someone's already posted some know-how.

THanks a bunch for any help!


Dave

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

Anonymous User April 12, 2013 05:36PM

Re: How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

Lasse Laursen April 12, 2013 05:38PM

Re: How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

nginxorg April 12, 2013 06:30PM

Re: How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

Anonymous User April 12, 2013 07:04PM

Re: How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd?

manas86 October 04, 2017 09:38AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 183
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready