Nginx authentication: Only allow traffic through iframes on same server
I have a large amount of Nginx reverse proxy entries which are all for different web services running on a server. In an attempt to combine these services, which all use different methods of authentication, into a single point of entry; I want to access them through iframes on one existing service which also happens to be a reverse proxy on the same server. This main service already uses Oauth for authentication so I'd like to to secure everything else behind it.
Basically my question is; to provide a single method of authentication for all of these services, how can I setup the reverse proxies to only be accessible through iframes on the same site? I have tried setting the location block for each reverse proxy to only allow the local IP of the server but this gives a 403 error; presumably because the access IP is an external one rather than the server's internal IP?
It is also worth mentioning that this server will only be accessed through an external hostname using TLS/SSL.
ssl authentication nginx reverse-proxy iframe
asked Feb 2 at 0:39
JimbrozeJimbroze
63
add a comment |
I have a large amount of Nginx reverse proxy entries which are all for different web services running on a server. In an attempt to combine these services, which all use different methods of authentication, into a single point of entry; I want to access them through iframes on one existing service which also happens to be a reverse proxy on the same server. This main service already uses Oauth for authentication so I'd like to to secure everything else behind it.
Basically my question is; to provide a single method of authentication for all of these services, how can I setup the reverse proxies to only be accessible through iframes on the same site? I have tried setting the location block for each reverse proxy to only allow the local IP of the server but this gives a 403 error; presumably because the access IP is an external one rather than the server's internal IP?
It is also worth mentioning that this server will only be accessed through an external hostname using TLS/SSL.
ssl authentication nginx reverse-proxy iframe
asked Feb 2 at 0:39
JimbrozeJimbroze
63
add a comment |
I have a large amount of Nginx reverse proxy entries which are all for different web services running on a server. In an attempt to combine these services, which all use different methods of authentication, into a single point of entry; I want to access them through iframes on one existing service which also happens to be a reverse proxy on the same server. This main service already uses Oauth for authentication so I'd like to to secure everything else behind it.
Basically my question is; to provide a single method of authentication for all of these services, how can I setup the reverse proxies to only be accessible through iframes on the same site? I have tried setting the location block for each reverse proxy to only allow the local IP of the server but this gives a 403 error; presumably because the access IP is an external one rather than the server's internal IP?
It is also worth mentioning that this server will only be accessed through an external hostname using TLS/SSL.
ssl authentication nginx reverse-proxy iframe
asked Feb 2 at 0:39
JimbrozeJimbroze
63
I have a large amount of Nginx reverse proxy entries which are all for different web services running on a server. In an attempt to combine these services, which all use different methods of authentication, into a single point of entry; I want to access them through iframes on one existing service which also happens to be a reverse proxy on the same server. This main service already uses Oauth for authentication so I'd like to to secure everything else behind it.
Basically my question is; to provide a single method of authentication for all of these services, how can I setup the reverse proxies to only be accessible through iframes on the same site? I have tried setting the location block for each reverse proxy to only allow the local IP of the server but this gives a 403 error; presumably because the access IP is an external one rather than the server's internal IP?
It is also worth mentioning that this server will only be accessed through an external hostname using TLS/SSL.
ssl authentication nginx reverse-proxy iframe
ssl authentication nginx reverse-proxy iframe
asked Feb 2 at 0:39
JimbrozeJimbroze
63
asked Feb 2 at 0:39
JimbrozeJimbroze
63
asked Feb 2 at 0:39
JimbrozeJimbroze
63
asked Feb 2 at 0:39
JimbrozeJimbroze
63
asked Feb 2 at 0:39
JimbrozeJimbroze
63
63
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I've managed to get around this by using Vouch and the Nginx auth-request module to add top-level authentication to the entire server. This means I can login with my google account and Oauth 2.0 and remove the individual authentication methods for each web service.
answered Feb 4 at 17:22
JimbrozeJimbroze
63
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1401207%2fnginx-authentication-only-allow-traffic-through-iframes-on-same-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I've managed to get around this by using Vouch and the Nginx auth-request module to add top-level authentication to the entire server. This means I can login with my google account and Oauth 2.0 and remove the individual authentication methods for each web service.
answered Feb 4 at 17:22
JimbrozeJimbroze
63
add a comment |
I've managed to get around this by using Vouch and the Nginx auth-request module to add top-level authentication to the entire server. This means I can login with my google account and Oauth 2.0 and remove the individual authentication methods for each web service.
answered Feb 4 at 17:22
JimbrozeJimbroze
63
add a comment |
I've managed to get around this by using Vouch and the Nginx auth-request module to add top-level authentication to the entire server. This means I can login with my google account and Oauth 2.0 and remove the individual authentication methods for each web service.
answered Feb 4 at 17:22
JimbrozeJimbroze
63
I've managed to get around this by using Vouch and the Nginx auth-request module to add top-level authentication to the entire server. This means I can login with my google account and Oauth 2.0 and remove the individual authentication methods for each web service.
answered Feb 4 at 17:22
JimbrozeJimbroze
63
answered Feb 4 at 17:22
JimbrozeJimbroze
63
answered Feb 4 at 17:22
JimbrozeJimbroze
63
answered Feb 4 at 17:22
JimbrozeJimbroze
63
63
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1401207%2fnginx-authentication-only-allow-traffic-through-iframes-on-same-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
