: More Secure NGINX Authentication than auth_basic I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module

I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module so far without any issues, but there are apparently some glaring security implications with this setup. Most of these security concerns are not too big of an issue because my site is strictly operating with SSL. I'd still like to secure it as much as possible.

Are there any alternative, superior authentication mechanisms for NGINX?

I'm open to anything; this is not a public service.

10.02% popularity Vote Up Vote Down

: Dynamic content load from MongoDB and SEO I'm totally new to Web Development and i've made a website which load some content from Parse.com database (mongodb). So i have a website with totally

@Lee4591628

Posted in: #Seo

1 Comments

: Would running copy of an eCommerce site under a different ccTLD fall under that country's law? My relative has a Dutch webshop. Many of his customers are Belgian. To increase trust of potential

@Lee4591628

Posted in: #Cctld #Ecommerce #Legal

1 Comments

: Does https affect adsense? I am starting a new guest blog where I write posts and ask others to write as well. I will be using adsense with my website very soon and I want to know if

@Lee4591628

Posted in: #Google #GoogleAdsense #Https

1 Comments

: Multiple URL referral spam list As a company, we're running a homepage with a set of landing pages (10+ of them) and it's becoming quite tedious to keep updating a spam referral list on every

@Lee4591628

Posted in: #GoogleAnalytics #Spam

1 Comments

Login to post a comment!

2 Comments

Sorted by latest first Latest Oldest Best

@Miguel251

Although the question is 2 years old, I would like to keep on answering to it.

The page linked by the accepted answer (https://www.nginx.com/resources/wiki/modules/auth_digest/) is 11 years old and states itself that "... (it) is in need of broader testing before it can be considered secure enough for use in production."

A GitHub page (https://github.com/atomx/nginx-http-auth-digest) is also linked and more recent advice (April 2017) of the authors may found on it: "The module is currently functional but has only been tested and reviewed by its author. And given that this is security code, one set of eyes is almost certainly insufficient to guarantee that it's 100% correct."

So my conclusion is that the accepted answer gives a very interesting module which is unfortunately not advisable for securing sensitive data.

10% popularity Vote Up Vote Down

@BetL925

NGINX has a digest authentication module: www.nginx.com/resources/wiki/modules/auth_digest/
Unlike basic authentication, digest authentication does not send user names and passwords in plain text over the internet.

If your site is SSL only, then basic authentication is probably fine. the SSL encrypts the entire session including the user names and passwords.

10% popularity Vote Up Vote Down

Feed

: More Secure NGINX Authentication than auth_basic I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module

More posts by @Lee4591628

: Dynamic content load from MongoDB and SEO I'm totally new to Web Development and i've made a website which load some content from Parse.com database (mongodb). So i have a website with totally

: Would running copy of an eCommerce site under a different ccTLD fall under that country's law? My relative has a Dutch webshop. Many of his customers are Belgian. To increase trust of potential

: Does https affect adsense? I am starting a new guest blog where I write posts and ask others to write as well. I will be using adsense with my website very soon and I want to know if

: Multiple URL referral spam list As a company, we're running a homepage with a set of landing pages (10+ of them) and it's becoming quite tedious to keep updating a spam referral list on every

Login to post a comment!

2 Comments

Back to top | Use Dark Theme