
I’m building a system based on OpenVPN, where clients will connect to a website, secured by Basic Authentication (that’s the way it is, no way to change this).

I wish I could go through an nginx proxy that would add the correct basic authentication header for me before reaching the website. This way, based on the IP address the client uses (coming from the OpenVPN configuration), I would retrieve its user/password from a DB and forge the header accordingly, so users don't have to enter any login/password.

Injecting the basic-authentication header is easy with:

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://6.6.6.6:80;
        proxy_set_header Authorization "Basic a2luZzppc25ha2Vk";
    }

Where 'a2luZzppc25ha2Vk' is of course the base64 for this login:password.

So now I need to replace a2luZzppc25ha2Vk with a value found in a DB, according to the $remote_addr.

  • Didn't think that would be that difficult :( Commented Nov 5, 2011 at 16:40

1 Answer

You could dump your database to a config file this way:

    geo $auth_base64 {
        <remote_addr1>/32 <base64_1>;
        <remote_addr2>/32 <base64_2>;
        <remote_addrN>/32 <base64_N>;
        default <base64_for_default_address>;
    }

Of course without "<>".

Then include this config in the http {} section. You could make a simple cron job (dump, test, reload).

The variable $auth_base64 could then be used in the proxy_set_header directive:

    proxy_set_header Authorization "Basic $auth_base64";

Or you can use a 3rd-party module: http://www.grid.net.ru/nginx/eval.en.html which can evaluate a backend response into variables. Not tested by myself. Some problems with modern nginx versions may occur.

  • Looks brilliant. Thx! Commented Nov 8, 2011 at 15:03
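The "dump, test, reload" cron job from the answer above could look like the following. This is an added example, not code from the question or the answer. The table `vpn_users(ip, login, password)`, the sample rows and the function names are assumptions. Unlike the answer's template it writes no `default` entry, so an address with no row gets nginx's empty-string default instead of a shared credential.

```python
import base64
import ipaddress
import os
import sqlite3
import subprocess
import tempfile

def render_geo(rows):
    """rows: iterable of (ip, login, password) -> text of an nginx geo block."""
    lines, seen = ["geo $auth_base64 {"], set()
    for ip, login, password in rows:
        addr = ipaddress.ip_address(ip)   # ValueError on anything that is not an address
        if addr in seen:
            raise ValueError(f"duplicate address {addr}")
        if ":" in login:                  # RFC 7617: the user-id must not contain ':'
            raise ValueError(f"login for {addr} contains ':'")
        seen.add(addr)
        # Encode here: the output alphabet is [A-Za-z0-9+/=], so nothing stored
        # in the DB can end a value early or add a directive to the config.
        cred = base64.b64encode(f"{login}:{password}".encode()).decode()
        lines.append(f"    {addr}/{addr.max_prefixlen} {cred};")
    # No "default" line: unmatched addresses get an empty string, i.e. no credential.
    lines.append("}")
    return "\n".join(lines) + "\n"

def write_atomic(path, text):
    """Write to a 0600 temp file in the target directory, then rename over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)

def deploy(path, rows):
    """Cron job body: dump, test, reload. Needs nginx on PATH and rights to signal it."""
    write_atomic(path, render_geo(rows))
    subprocess.run(["nginx", "-t"], check=True)   # a failed test stops before the reload
    subprocess.run(["nginx", "-s", "reload"], check=True)

def sample_rows():
    """Constructed data in a hypothetical table vpn_users(ip, login, password)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vpn_users (ip TEXT PRIMARY KEY, login TEXT, password TEXT)")
    db.executemany("INSERT INTO vpn_users VALUES (?, ?, ?)",
                   [("10.8.0.6", "king", "isnaked"), ("10.8.0.10", "alice", "s3cr3t pw")])
    return db.execute("SELECT ip, login, password FROM vpn_users").fetchall()

if __name__ == "__main__":
    print(render_geo(sample_rows()), end="")
```

The generated file holds every user's credential in reversible form, so it needs the same file permissions and backup handling as the database it was dumped from.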
