Welcome! Log In Create A New Profile

Advanced

auth and security

sv
September 20, 2013 12:38PM
I have a configuration that is working but I would like a second( third,
fourth...) opinion.

what I want to do it

protect a location /zot. zot contains static pages
/zot/ws is a web socket connection

only with a cookie can a person access /zot and /zot/ws

if no cookie rewrite to /login

login serves a page to login.
the reply is back to /login
if login is accessed with $args rewite to /auth

/auth validates the credentials and returns /zot/index and cookie
not valid returns /login

/zot/ws is websocket connection
/auth is a cgi
/login servers login static pages
/zot returns static app pages

that is the basic idea.

code
**********************
location /auth {
if ($login = '') {
return 403;
}

proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
# maybe all cookies?
proxy_set_header Cookie $cookie_hzc;

# I tried database, did not work, $nextval was always
nothing
#postgres_pass database;
#postgres_query HEAD GET "select nextval('nextsession')";
#postgres_rewrite no_rows 403;
#postgres_output text;
#postgres_set $nextval 0 0 required;
#set $args $args&sess=$nextval;

# if I could authorize and make a secure cookie here
# that the back end knows about is OK
proxy_pass http://localhost:8088;
}

location /login {
if ($args) {
# maybe check the args? user=??? passwd=""" *
lua here OK
set $login 1;
rewrite ^/login/login(.*)$ /auth$1;
}
alias /var/www/login;

}

location /zot/ws {
if ($http_cookie !~* 'hzc') {
# maybe check cookie? * lua is OK
rewrite ^/hzc(.*)$ /login$1;
}
# maybe all cookies?
proxy_set_header Cookie $cookie_hzc;

proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_pass http://localhost:8088;
}

location /zot {
if ($http_cookie !~* 'hzc') {
# maybe check cookie? * lua is OK
rewrite ^/hzc(.*)$ /login$1;
}
alias /var/www/zot;
}




_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

auth and security

sv 1314 September 20, 2013 12:38PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 296
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 466 on July 09, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready