开发者

Nging proxy_pass after user is authenticated by a sessions cookie

开发者 https://www.devze.com 2023-02-15 07:46 出处：网络

I am using nginx as a proxy server listening to some s开发者_Python百科ervice running at localhost. But before I want proxy_pass to happen, the user should be authenticated by a cookie or a login prom

相关专题：cookies localhost nginx proxy

I am using nginx as a proxy server listening to some s开发者_Python百科ervice running at localhost. But before I want proxy_pass to happen, the user should be authenticated by a cookie or a login prompt.

How to go about this?

You should have some rewrite rule that redirects the user to the login page if they don't have the login cookie. The login page will then set the correct cookie and redirect the user back to the correct page (if the user passes the authentication test). Maybe something like this:

location / {
    if ($cookie_login_token = "") {
        rewrite .* /login-page break;
    }
}

Then your login page should set the cookie "login_token" with some value. Although that set up is pretty easy to circumvent if the user knows what cookie you're listening too (for example by watching some other user log in), so I suggest also doing stronger testing on the real server.