I'm developing a web application with aiohttp where user authentication is implemented with aiohttp-security. I use nginx for the server deployment. The configuration is inspired by the aiohttp doc and looks like:

    location /api {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8080/api;
    }

A part of the web application is something like a photo album. I want the photos to be served by nginx for performance. For now my configuration looks like this; it works but bypasses the authentication:

    location /photos {
        root /srv/web/photos/;
        try_files $uri =404;
    }

How can I make nginx serve the photos only to authenticated users? (The authentication mechanism is implemented by the Python application, as described above.)

This can be achieved by using Authentication based on sub-request results.

Static/media locations can be protected with the help of subrequest authentication.

Considering the static/media location /media/:

nginx.conf

    ....
    location /media {
        auth_request /auth;    # check every request with a subrequest to /auth
        #...
    }
    location = /auth {
        internal;              # only reachable from within nginx
        proxy_pass https://yourauthserver/is_authenticated;
        proxy_pass_request_body off;    # the auth check does not need the body
        proxy_set_header Content-Length "";
        #...
    }
    ...

/is_authenticated

This is the location where your web application checks whether the user is authenticated or not. Static/media will be served only if is_authenticated returns status code 200.
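
Applied to the question's /photos location, as an added example that is not part of the original answer; it shows the unprotected block beside the protected one. The location name /_auth and the endpoint path /api/is_authenticated are assumptions: the aiohttp application has to provide such an endpoint and answer 200 for a logged-in session and 401 otherwise.

```nginx
# Added example. Requires nginx built with ngx_http_auth_request_module.

# Before (from the question): any client that knows the URL gets the file.
# location /photos {
#     root /srv/web/photos/;
#     try_files $uri =404;
# }

# After: nginx still serves the file itself, but only once the
# application has approved the request.
location /photos {
    # 2xx from the subrequest allows access, 401/403 denies it with
    # that code, any other status is treated as an error.
    auth_request /_auth;
    root /srv/web/photos/;
    try_files $uri =404;
}

location = /_auth {
    internal;                      # clients cannot call this location directly
    # Assumed endpoint in the aiohttp app (hypothetical path).
    proxy_pass http://127.0.0.1:8080/api/is_authenticated;
    # The subrequest carries the client's request headers, so the
    # session cookie reaches the application; the body is not needed.
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header Host $http_host;
    # Lets the application see which photo was requested.
    proxy_set_header X-Original-URI $request_uri;
}
```

If the application is down or returns an unexpected status, the subrequest fails and the photo is not served, so the setup fails closed.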