https://github.com/mguinness/nginxwebauthn

WebAuthn for nginx using auth_request
https://github.com/mguinness/nginxwebauthn

nginx webauthn

Last synced: 2 months ago
JSON representation

WebAuthn for nginx using auth_request

• Host: GitHub
• URL: https://github.com/mguinness/nginxwebauthn
• Owner: mguinness
• License: mit
• Created: 2025-02-28T22:58:36.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-03-06T06:08:21.000Z (over 1 year ago)
• Last Synced: 2025-03-09T11:12:24.978Z (over 1 year ago)
• Topics: nginx, webauthn
• Language: C#
• Homepage:
• Size: 10.7 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Nginx w/ WebAuthn

[WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) for [nginx](https://en.wikipedia.org/wiki/Nginx) using [auth_request](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request).  Project is inspired and ported from 

[NGINX + WebAuthn for your small scale web applications](https://github.com/newhouseb/nginxwebauthn) repository.

Docker images are available in Docker Hub at [mguinness/nginxwebauthn](https://hub.docker.com/r/mguinness/nginxwebauthn).

Modify your nginx configuration as follows.  Update `server_name` and your SSL settings (WebAuthn requires SSL).

```

server {

    listen 443 ssl;

    server_name localhost;

    ssl_certificate cert.pem;

    ssl_certificate_key cert.key;

    # Redirect everything that begins with /auth to the authorization server

    location /auth {

        proxy_pass http://localhost:8080;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

    # If the authorization server returns 401 Unauthorized, redirect to /auth/login

    error_page 401 = @error401;

    location @error401 {

        return 302 /auth/login;

    }

    root html;

    index index.html;

    location / {

        auth_request /auth/check; # Ping /auth/check for every request, and if it returns 200 OK grant

    }

}

```

Run the ASP.NET Core application and navigate to the configured nginx site.  You should be automatically routed to `/auth/login`.

Insert your security key to register it and you will get a message that includes the public key.  Copy and paste it into the `Realms` section in the appsettings.json file.

If you are using docker, create a text file and place the environment variable on a new line.  Then run docker and use the `--env-file` flag with the path to the file.

After restarting the application and navigating to the site, you should be prompted to insert your security key to authenticate.