ACL configuration based on user authentication in Nginx reverse proxy-Nginx-php.cn

Home

Operation and Maintenance

Nginx

ACL configuration based on user authentication in Nginx reverse proxy

PHPz

Jun 10, 2023 pm 12:12 PM

nginxreverse proxyAuthentication acl

Nginx is widely used in reverse proxy, load balancing and other scenarios. These application scenarios often require access control. Nginx provides a configuration method based on access control list (ACL), which can implement access control for different users, different IP addresses, different request paths, etc. This article focuses on the ACL configuration method based on user authentication to achieve identity authentication and permission control.

User authentication module

Nginx provides two user authentication modules: ngx_http_auth_basic_module and ngx_http_auth_request_module. The former is based on HTTP Basic Auth, and the user needs to provide the username and password in the request header, while the latter authenticates the request through the back-end server. Both authentication modules have their own advantages and disadvantages. Choose the authentication module that suits you according to your actual needs.

Authentication process

The user authentication process based on the ngx_http_auth_request_module module is as follows:

1) The client sends a request to Nginx;
2) Nginx Intercept the request and send an authentication request to the backend server;
3) The backend server authenticates the user and returns the authentication result;
4) Nginx responds to the client based on the authentication result.

Configuration Example

Assume that our application provides the following interfaces:

1)/admin: Only administrators can access;
2)/user: Any user can access;
3)/login: The interface used for user authentication.

Now, we hope to use Nginx to reverse proxy and implement access control on the interface. At the same time, we hope that only authenticated users can access the interface. We can check the login status through the following configuration.

location /admin {
    auth_request /auth;
    error_page   401 = /login;
    proxy_pass   http://upstream;
}

location /user {
    auth_request /auth;
    proxy_pass   http://upstream;
}

location = /auth {
    internal;
    proxy_pass   http://upstream/auth;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}

In this configuration, we define three locations. Among them, /admin and /user respectively represent the interfaces that require access control, and /auth is the interface used for user authentication. When the client requests /admin, Nginx forwards the authentication request to /auth through the auth_request directive. If a 401 error code is returned, it jumps to /login. The processing of /user is similar, except that error code processing is not added. The processing of /auth is where user authentication is truly implemented. It proxies to the back-end server for authentication and returns the authentication result.

In this example, /auth is the backend interface for user authentication. We can support various authentication methods (such as LDAP, database, etc.) by writing corresponding backend code.

Generally speaking, Nginx's ACL function is based on a powerful regular expression engine and some agreed variables. It is a very effective permission control implementation method for developers of user authentication schemes. Of course, during implementation, targeted configuration must be carried out according to specific needs and optimized based on the characteristics of the application scenario.

The above is the detailed content of ACL configuration based on user authentication in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Lei Jun shares his New Year's wishes: deliver 300,000 cars and 100 check-in times in the gymApr 13, 2025 pm 11:54 PM

At the beginning of the new year, Lei Jun shared three New Year's wishes for 2025 at the beginning of the new year, and this four and a half hours-long live broadcast attracted a lot of attention. Lei Jun’s three major wishes are: First, achieve the delivery target of 300,000 vehicles, alleviate the pressure, and no longer be caught up by progress. Second, have more travel time, enjoy the beautiful scenery from all over the world, taste special food, and conduct car testing in combination with work. Third, stick to fitness and plan to check in 100 times in the gym to strengthen your body. Lei Jun admitted in the live broadcast that he traveled around in 2024, with a compact schedule, so he often only stayed for a short time, making it difficult to experience the local culture in depth. For example, at the New North Speedway in Germany, he stayed for only 8 hours. Therefore, in the new year, he hopes to be able to better balance work and life and travel

Annual reputation masterpiece! No.9 Company's micro-film 'Memory Travel' won many authoritative awardsApr 13, 2025 pm 11:51 PM

The micro-film "Memory Travel" created by No. 9 and brand spokesperson Yi Yang Qianxi won several authoritative media awards in 2024 and became a masterpiece of the year. This work has won high praise from the industry for its unique narrative style, exquisite production and sincere emotions. 2024 Awards and Honors: 2024 Gold Touch Global Business Innovation Award - Annual Film and Television Advertising 2024 China Advertising Marketing Award - Entertainment Marketing Group Silver Award 2024 Top Digital Innovation Marketing Award - Film and Television Production Gold Award 2024 Shanghai International Advertising Festival - Microfilm Silver Award 2024 The 11th China Innovation Communication Award - Integrated Marketing Silver Award WISE 2024 King of Business - Annual Case 31st China International Advertising Festival 2024 Digital Marketing Practical Big

Lead innovation and win another honor! AGON won the PConline2024 Zhizhen Technology AwardApr 13, 2025 pm 11:48 PM

Recently, the PConline2024 Zhizhen Technology Award was officially announced, and AGON Aidong QD-OLED e-sports display AG326UD won the "Technical Innovation of the Year" award. This honor not only represents the industry's high recognition of its technological advantages and market performance, but also fully reflects AGON's innovative capabilities and outstanding achievements in the field of e-sports display technology. 01. Looking at the future of technology, the authoritative value of the PConline Zhizhen Technology Award is the weather vane of the technology industry. The PConline Zhizhen Technology Award has successfully won wide industry recognition with its rigorous evaluation system and in-depth industry analysis. The award has always been committed to commending outstanding products and brands that promote the development of the technology industry, covering technology

Sony confirms the possibility of using special GPUs on PS5 Pro to develop AI with AMDApr 13, 2025 pm 11:45 PM

Mark Cerny, chief architect of SonyInteractiveEntertainment (SIE, Sony Interactive Entertainment), has released more hardware details of next-generation host PlayStation5Pro (PS5Pro), including a performance upgraded AMDRDNA2.x architecture GPU, and a machine learning/artificial intelligence program code-named "Amethylst" with AMD. The focus of PS5Pro performance improvement is still on three pillars, including a more powerful GPU, advanced ray tracing and AI-powered PSSR super-resolution function. GPU adopts a customized AMDRDNA2 architecture, which Sony named RDNA2.x, and it has some RDNA3 architecture.

Finally changed! Microsoft Windows search function will usher in a new updateApr 13, 2025 pm 11:42 PM

Microsoft's improvements to Windows search functions have been tested on some Windows Insider channels in the EU. Previously, the integrated Windows search function was criticized by users and had poor experience. This update splits the search function into two parts: local search and Bing-based web search to improve user experience. The new version of the search interface performs local file search by default. If you need to search online, you need to click the "Microsoft BingWebSearch" tab to switch. After switching, the search bar will display "Microsoft BingWebSearch:", where users can enter keywords. This move effectively avoids the mixing of local search results with Bing search results

Grilled skillfully! Monster Hunter launches 20th anniversary barbecue timer and kettleApr 13, 2025 pm 11:39 PM

To celebrate the 20th anniversary of Capcom's "Monster Hunter" series, Baodao Club launched a unique magazine set - "Monster Hunter" themed barbecue timer and accompanying cup. The set will be available at home convenience stores nationwide in Japan on December 27, and will be priced at 3,498 yen. The biggest highlight of this magazine set is its interactive barbecue timer, which perfectly replicates the classic barbecue scenes in the series of games. The timer is designed with an old version of the barbecue tool, equipped with LED flame light effects and game BGM, allowing you to experience the fun of hunting during the actual barbecue process. The rotating handle simulates flipped barbecue. After successfully baking, the voice prompt of "Baked!" will be played. The timer size is about 9.5cm (height) x 10.7cm (width) x 8cm (deep), built-in L

I understand users very much! Xiaomi SU7 owners can get Are U OK valve core cap for freeApr 13, 2025 pm 11:36 PM

Xiaomi Auto’s first anniversary celebration will give car owners a New Year gift! After the delivery volume exceeded 130,000 vehicles last year, Xiaomi Auto’s official Weibo announced that it will give Lei Jun’s classic quotation “AreyouOK?” to every Xiaomi SU7 owner and prospective owner. The number is limited and free to receive it! Activity time: 4 pm on December 28, 2024 to 23:59:59 on January 20, 2025. Users who purchase a car or complete an order before 23:59:59 on December 31, 2024 can get a set of four-piece "AreyouOK?" valve core caps for free. This valve core cap was first released in September this year and is made of bright yellow PVC and brass material. The brass core is directly embedded to ensure safe driving and not easy to fall off. Widely used,

The HDMI 2.2 standard is expected to be announced on the eve of 2025! 8K resolution is coming soonApr 13, 2025 pm 11:33 PM

It is reported that the HDMI2.2 standard is expected to be officially released on the eve of the 2025 CES exhibition. HDMIForum plans to announce this new generation of video signal transmission protocol specifications on January 6. The HDMI2.1 standard released in 2017 has a maximum bandwidth of 48Gbps, supports 4K144Hz and 8K30Hz video transmission, and can be up to 10K120Hz with DSC technology. HDMI2.2 is expected to significantly increase bandwidth, support higher resolution and refresh rate, and adopt new wires. Although the specific specifications have not been disclosed yet, HDMI2.2 will inevitably surpass the 48Gbps bandwidth and 10240*4320 resolution limit of HDMI2.1. Given that DisplayPort2.1 is at 20

See all articles