Hi, I just started with a small company that's got a bunch of web apps being served up from a bunch of different web servers. Some are 'appliances', most are Apache.
It's a mess of an infrastructure -- slow and . My long term plan is to convert to one lighter weight platform with commercial support available. Although I haven't used it myself for anything in production yet, after a bunch of reading and some fooling around on my own, I'm 99% sure it's going to be Nginx.

In the short term -- like the boss wants it yesterday! -- I need to put everything behind two factor authentication and enable SSL. Right now, every web app is directly exposed to the web with single-factor auth over http://.

In principle, I think I can solve this in one nginx instance. Setting nginx up to listen on one IP, and serve up separate SSL certificates for each web app is brilliantly easy in nginx! Works perfectly. So that part's basically done.

The auth piece has me scratching my head -- and I hope somebody here can provide some guidance. What I want to do is have all access to the webapps FIRST go through a two factor authentication webpage in nginx. The two factors I need are (1) a simple password known to the user, and (2) a GoogleAuthenticator-generated token/passcode. ONLY on correct & timely entry of both do I want the user passed through to the webapp on one of those servers I mentioned. But once they do, the 'authentication site' should become transparent and not interfere at all with the session, etc.

I'm not sure how to:

(1) implement Google Authenticator integration in Nginx. I've looked for something built-in, or some plugin, which would be fantastic. But I haven't found anything reliable yet.

(2) make sure that, after authentication is OK, everything is transparent to & from the webapps behind the nginx instance. Is this proxying? I'm pretty sure I need to pass some sort of variables, but is there some setting that bundles up everything so it's fully transparent?

Are there any built-in ways -- and better yet, good tutorials! -- that exist already for these?
I doubt I've thought up anything new here, so I'm hoping someone's already posted some know-how. Thanks a bunch for any help!

Dave
