Hi Hugues,

hope you're doing well.

On Thu, Apr 08, 2021 at 02:58:01PM -0400, bouvierh wrote:
> Hello!
>
> I currently use Nginx as a reverse proxy for my backend services.
>
> Nginx authenticates itself to the backend services using a Token that is
> generated by a process every 10 minutes and that process is writing the
> token in the config file and reloading nginx regularly:
>
> location / {
> proxy_set_header Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
>
> proxy_pass https://backend;
> }
>
> I would like to avoid having a token in plain text. Is there a way to avoid
> that?
> I though of the following options:
> - Use env var: But that is impossible nginx doesn't support it

NGINX does support environment variables, please see details
http://nginx.org/en/docs/ngx_core_module.html#env

> - Query the token by having the process establish a local server. Could work
> but how can the process return the result as a variable to nginx?

That probably depends on how a response looks like. It's possible to
use NGINX JavaScript module to parse or modify a response.

> - Pass the config in memory instead of writing it to a file. Could be a
> simple option but I didn't find a way to do that.

Some tricks are available with NGINX Plus distribution because of the key-value
module, http://nginx.org/en/docs/http/ngx_http_keyval_module.html.

--
Sergey Osokin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx