Have a look at roboo and work backwards from that? Sent from my iPhone
On 12/04/2013, at 23.34, [email protected] wrote: > Hi, > > I just started with a small company that's got a bunch of web apps being > served up from a bunch of different web servers. Some are 'appliances', > most are Apache. > > It's a mess of an infrastrucutre -- slow and . My long term plan is to > convert to one lighter weight platform with commercial support > available. Although I haven't used it myself for anything in production > yet, after a bunch of reading and some fooling around on my own, I'm 99% > sure it's going to be Nginx. > > In the short term -- like the boss wants it yesterday! -- I need to put > everything behind two factor authentication and enable SSL. Right now, > every web app is directly exposed to the web with single-factor auth > over http://. > > In principle, I think I can solve this in one nginx instance. Setting > nginx up to listen on one IP, and serve up separate SSL certificates for > each web app is brilliantly easy in nginx! Works perfectly. SO that > part's basically done. > > The auth piece has me scratching my head -- and I hope somebody here can > provide some guidance. > > What I want to do is have all access to the webapps FIRST go through a > two factor authentication webpage in nginx. The two factors I need are > (1) a simple password known to the user, and (2) a > GoogleAuthenticator-generated token/passcode. > > ONLY on correct & timely enter of both do I want the user passed through > to the webapp on one of those servers I mentioned. But once they do, > the 'authentication site' should become trabsparent and not interfere at > all with the session, etc. > > I'm not sure how to: > > (1) implement Google AUthenticator integration in Nginx. I've looked > for something built-in, or some plugin, which would be fantastic. But > I've haven't found anything reliable yet. > (2) make sure that after Authentication is OK to make everything > transparent to & from the webapps behind the nginx instance. Is this > proxying? I'm pretty sure I need to pass some sort of variables, but is > there some setting that bundles up everything so it's fully transparent? > > Are there any built-in ways -- and better yet, good tutorials! -- that > exist alrady for these? I doubt I've thought up anything new here, so > I'm hoping someone's already posted some know-how. > > THanks a bunch for any help! > > > Dave > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
