Hello! On Thu, Sep 03, 2020 at 10:55:27AM +0530, RA wrote:
> How does NGINX process auth_basic_user_file? > > 1) Does it read it in entirety on every connection? No. > 2) Does it read it line by line on every connection and stops > when a match is found? No, though what nginx does is somewhat close. It reads the user file by using a fixed-size buffer, and then scans the buffer contents to find lines. As long as the user is found, it stops. See the code for further details. > 3) Does it read it full on start and re-reads it only if the > file is changed? No. > If its either 1 or 2, then is it not very inefficient to read a > file on just every connection? If the file has fairly large > number of entries (5-10mb), will it not affect the performance > of web server in general? There should be some "indexed" > approach to this. Reading the user file is not generally a problem, since it is cached by OS. Unwise choice of the password hashing algorithm usually have much larger impact on basic authentication and the performane of the web server in general, since basic authentication implies checking the password on each request. On the other hand, using user files with fairly large number of entries might not be a good idea either. If you want to deploy authentication in setups with many thousands of users, you may want to use different authentication mechanism. In particular, you may plug your own, written in your favorite language, by using the auth_request directive, see here for details: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
