Make sure that you have nginx-extras installed, and not nginx. Extras includes the PAM module.

    sudo apt-get install nginx-extras

The following is taken from this readme.

To protect everything under /secure you will add the following to the nginx.conf file. This is secure enough for many purposes.

    location /secure {
        auth_pam "Secure Zone";
        auth_pam_service_name "nginx";
    }

Note that the module runs as the web server user, so the PAM modules used must be able to authenticate the users without being root. That means that if you want to use the pam_unix.so module to authenticate users, you need to let the web server user read the /etc/shadow file, if that does not scare you (on Debian-like systems you can add the www-data user to the shadow group).

As an example, to authenticate users against an LDAP server (using the pam_ldap.so module) you will use an /etc/pam.d/nginx like the following:

    auth required pam_ldap.so
    account required pam_ldap.so

If you also want to limit the users from LDAP that can authenticate, you can use the pam_listfile.so module. To limit who can access resources under /restricted, add the following to the nginx.conf file:

    location /restricted {
        auth_pam "Restricted Zone";
        auth_pam_service_name "nginx_restricted";
    }

Use the following /etc/pam.d/nginx_restricted file:

    auth required pam_listfile.so onerr=fail item=user \
        sense=allow file=/etc/nginx/restricted_users
    auth required pam_ldap.so
    account required pam_ldap.so

And add the users allowed to authenticate to the /etc/nginx/restricted_users file (remember that the web server user has to be able to read this file).
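
A pre-flight check for the /etc/nginx/restricted_users list described above, as an added example that is not part of the original post or the module's readme. The function names, the sample user names and the assumption that entries are compared as whole lines are illustrative.

```shell
#!/bin/sh
# Checks for the pam_listfile user list. Run as the web server user so the
# readability test reflects what the PAM module sees, e.g. (assumed
# Debian-style account name): sudo -u www-data sh check_listfile.sh

# listfile_ok FILE: succeed only if FILE is a regular file, readable by the
# current user and not world-writable. With onerr=fail an unusable list
# denies every login, and pam_listfile rejects world-writable files.
listfile_ok() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    [ -r "$f" ] || { echo "$f: not readable by $(id -un)" >&2; return 1; }
    if [ -n "$(find "$f" -prune -perm -002)" ]; then
        echo "$f: world-writable" >&2
        return 1
    fi
    return 0
}

# listfile_suspect_lines FILE: print (with line numbers) entries containing
# spaces, tabs or a carriage return, which will not equal a login name.
listfile_suspect_lines() {
    grep -n '[[:space:]]' "$1"
}

# listfile_allows USER FILE: whole-line, fixed-string match.
# Assumption: item=user sense=allow compares one user name per line exactly.
listfile_allows() {
    [ -n "$1" ] && grep -Fxq -- "$1" "$2"
}

# Constructed sample list (not from the original page): "bob " has a
# trailing space and "carol" a Windows line ending.
demo=$(mktemp)
printf 'alice\nbob \ncarol\r\n' > "$demo"
chmod 640 "$demo"
listfile_ok "$demo" && echo "permissions ok"
listfile_suspect_lines "$demo"   # flags lines 2 and 3
listfile_allows alice "$demo" && echo "alice allowed"
listfile_allows bob "$demo" || echo "bob not allowed (trailing space)"
rm -f "$demo"
```

Point the functions at /etc/nginx/restricted_users after every edit of the list, before reloading nginx.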