Welcome! Log In Create A New Profile

Advanced

Re: HTTP Authentication through database

lhmwzy
October 22, 2015 04:24AM
How about using ngx_lua?

2015-10-22 16:05 GMT+08:00 JaminVP <nginx-forum@nginx.us>:

> Greetings,
>
> I recently stumbled onto Nginx while researching a way to protect my
> Elasticsearch server without using Elastic Shield.
> My setup has a Windows Server box containing a webserver which has Kibana
> deployed on port 8080. The box also runs Elasticsearch as a service which
> listens to port 9200. The Kibana webapplication is protected by a filter
> which checks the HTTP-request header for the user-id and checks a database
> if this user-id is allowed to access Kibana.
>
> Unfortunatly, Kibana has to send queries and requests to Elasticsearch from
> the user's browser. Hence Elasticsearch has to be accessible for the user.
> This allows unauthorized users to send REST-requests to the Elasticsearch
> server, making this a potential security threat.
>
> My solution to this problem would be to implement Nginx as a reverse proxy
> on the box, forcing the HTTP-requests to pass Nginx before being allowed to
> access Elasticsearch, which would then only accessible on the box's
> localhost. The authentication would be processed by Nginx's
> http_auth_request_module, but I don't quite understand how to implement a
> service to which I redirect this auth request to.
>
> I found this StackOverflow page to be the most insightful:
>
> http://stackoverflow.com/questions/25340630/how-can-i-set-up-an-automatic-authentication-layer-in-nginx
> , but it still doesn't explain how to actually implement the authentication
> service.
>
> My preferred way of writing this service would be through Java and wrapping
> it as a service. I understand that the service should return the HTTP-code
> 200 if the authentication is succesful and something else if it isn't. I'd
> like to process the HTTP-request in the same way I processed the
> HTTP-request in the filter I used to validate Kibana-users.
>
> Any tips to get me started on writing a Java-application that would act as
> an authentication service?
>
> If this isn't possible in Java, is there a way to do it in Perl or Python?
>
> Thanks
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,262394,262394#msg-262394
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

HTTP Authentication through database

JaminVP October 22, 2015 04:05AM

Re: HTTP Authentication through database

lhmwzy October 22, 2015 04:24AM

Re: HTTP Authentication through database

itpp2012 October 22, 2015 04:45AM

Re: HTTP Authentication through database

JaminVP October 22, 2015 08:17AM

Re: HTTP Authentication through database

itpp2012 October 22, 2015 09:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 72
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready