2

I have a proxied nuxt app set up like this:

location / {
    proxy_pass http://localhost:3011/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

This works great. Now I want to restrict it for development purposes so only my team have access to it.

I cannot use IPs because some team members have dynamic IPs. So I stumbled upon auth_basic and set it up by adding:

auth_basic           "Restricted";
auth_basic_user_file /etc/apache2/.htpasswd; 

This also works fine as far as restriction goes. The problem is that it uses the Authorization header and that interferes with our app's authentication mechanism.

Is there any way to make nginx use another header like maybe X-Authorization?

1 Answer

1
+100

If your app has an authentication mechanism, it's better to control access from there among teams.

Pretty sure http_basic_auth works on standards. https://www.rfc-editor.org/rfc/rfc7235#section-4.2.

RFC7234, section 3.2 says that requests/responses Authorization header MUST not be cached (except in specific circumstances).

RFC7235, section 5.1.2, point 7 furthermore has this to say about NEW authentication schemes that use headers other than Authorization:

If you want auth on some specific paths, then

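location /public/setup-steps {
    auth_basic           "Restricted";
    auth_basic_user_file /etc/apache2/.htpasswd;
    # No URI part after the port: the original request path is passed
    # to the app unchanged instead of being rewritten to "/".
    proxy_pass http://localhost:3011;
}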

Just remember to put this location before /.


3 Comments

Thank you for your detailed response; I wanted to restrict access in that way because there are also public pages, not protected by auth
You can have nginx auth on public pages then, something like location /public/setup-setup { auth_basic "Restricted"; auth_basic_user_file /etc/apache2/.htpasswd; proxy_pass http://localhost:3011/; }. Just remember to put this location path before /
yes but even the public pages have different elements for logged vs guests :/
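
Added example, not part of the original question, answer or comments: a small Python model of why one Authorization header cannot satisfy both nginx's auth_basic and the app's own login at the same time. It assumes the app expects a Bearer token (the page does not say which scheme the app uses); the user table, the token and all function names are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample data; a real htpasswd file stores hashes, not plaintext.
HTPASSWD = {"dev": "s3cret"}
APP_TOKENS = {"app-session-token"}  # assumption: the app expects Bearer tokens


def split_header(value):
    """Split 'Scheme credentials' into (lowercased scheme, credentials)."""
    scheme, _, credentials = (value or "").strip().partition(" ")
    return scheme.lower(), credentials.strip()


def nginx_basic_ok(value):
    """Model of auth_basic: accept only a valid 'Basic base64(user:pass)'."""
    scheme, credentials = split_header(value)
    if scheme != "basic":
        return False
    try:
        decoded = base64.b64decode(credentials, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    expected = HTPASSWD.get(user)
    if not sep or expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())


def app_bearer_ok(value):
    """Model of the app's check on the header nginx forwards unchanged."""
    scheme, credentials = split_header(value)
    return scheme == "bearer" and credentials in APP_TOKENS


def request_outcome(value):
    """Name the layer that rejects the request, or 'ok' if both accept."""
    if not nginx_basic_ok(value):
        return "401 from nginx"
    if not app_bearer_ok(value):
        return "401 from app"
    return "ok"


BASIC = "Basic " + base64.b64encode(b"dev:s3cret").decode()
BEARER = "Bearer app-session-token"
```

Whichever credential the client puts in the header, one of the two layers answers 401, which is the interference the question describes.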
