Hello!
I currently use Nginx as a reverse proxy for my backend services.
Nginx authenticates itself to the backend services using a Token that is generated by a process every 10 minutes and that process is writing the token in the config file and reloading nginx regularly:
location / {
proxy_set_header Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
proxy_pass https://backend;
}
I would like to avoid having a token in plain text. Is there a way to avoid that?
I though of the following options:
- Use env var: But that is impossible nginx doesn't support it
- Query the token by having the process establish a local server. Could work but how can the process return the result as a variable to nginx?
- Pass the config in memory instead of writing it to a file. Could be a simple option but I didn't find a way to do that.
Do you have any idea how I can achieve that?
Thank you!
Hugues