Today I’ll continue demonstrating the OpenResty Edge product. I’ll show how to configure HTTP basic authentication in gateway applications.

Embeded image

The HTTP basic auth is handled directly by the gateway servers.

Embeded image

As always, let’s go to OpenResty Edge’s Admin web console. This is our sample deployment of the console. Every user has her own local deployment.

Screenshot

Let’s configure the HTTP basic auth credentials for our gateway application.

We still use our continuing sample application for the test-edge.com domain.

Screenshot

Enter this application.

Screenshot

Go to the HTTP Basic Auth Credentials page.

Screenshot

We support adding one or more basic auth user groups. Each user group can have one or more users.

Add a new Basic Auth user group.

Screenshot

Enter the group name “tutorial-group”. This user group is merely for this tutorial.

Screenshot

Save it.

Screenshot

Add a new Basic Auth user to this group.

Screenshot

Click this button to add a new user.

Screenshot

Type in the user name “Sam”.

Screenshot

Enter the password.

Screenshot

Save it.

Screenshot

Now we have a new user in the “tutorial-group” user group.

Screenshot

By the way, we can go to the Basic tab to edit the user group settings. Here we don’t bother.

Screenshot

Close this page.

Screenshot

Go to the Page Rules page to actually enable basic authentication.

Screenshot

This existing page rule already sets up a reverse proxy to a pre-defined upstream. We covered this in an earlier tutorial.

Screenshot

Let’s add a new page rule.

Screenshot

Add a new action.

Screenshot

Type “basic auth” to search.

Screenshot

Select “Enable Basic Authentication” option.

Screenshot

Select the Basic Auth user group we just created.

Screenshot

Select “app-tutorial-group”.

Screenshot

The extra “app-” prefix indicates that the user group is only in the scope of the current application. And global basic auth user group names will get the extra prefix “global-”. I will get to the global HTTP basic auth settings later.

We set this rule as an “Always Top” rule to ensure this rule is always executed first. You can choose any order you want though.

Screenshot

Save this rule.

Screenshot

As always, we need to make a new configuration release to push out our edited page rule.

Screenshot

Click this button.

Screenshot

Ship it!

Screenshot

It is fully synchronized.

Screenshot

Now the new page rule has been pushed to all the gateway clusters and servers.

Embeded video

Our configuration changes do NOT require server reload, restart, or binary upgrade. So it’s very efficient and scalable.

Embeded image

Let’s access the gateway application. We can see that the page triggers the web browser’s authentication dialog instead of showing the web page content.

Embeded video

First, try clicking the Cancel button. We can see the page turns into a “401 Unauthorized” error page.

Embeded video

Embeded video

Refresh the page.

Embeded video

And this time, we enter the correct username and password we previously prepared.

Embeded video

Now we can access the web page.

Embeded video

Next, let’s test the HTTP basic auth setting on the command line with the curl utility.

On the terminal, we send a test request.

curl -sSI http://test-edge.com

Screenshot

We can see that the response is 401 Unauthorized.

Screenshot

Let’s specify the basic auth credential with the “u” option this time.

Screenshot

Here it is the user name.

Screenshot

And here goes the password in clear text.

Screenshot

Run this command.

We can see that the response is 200 OK now. We passed the authentication, and the server returned the final response.

Screenshot

In addition to configuring basic auth inside Edge applications, we can also configure it in Edge’s global configuration. Global auth user groups are visible to all the Edge applications.

Go to the Global Config page.

Screenshot

Enter the Global Basic Auth Credentials page.

Screenshot

Click this button to add a new Basic Auth user group.

Screenshot

Type the group name.

Screenshot

Save it.

Screenshot

Now that we’ve created a new global Basic Auth user group.

Screenshot

We can also click the edit button to add a new user for this group.

Screenshot

Click this button to add a new user.

Screenshot

Type in the user name “Kelly”.

Screenshot

Enter the password.

Screenshot

And save it.

Screenshot

Now we have a new user in the “tutorial-global-group” user group. Let’s see how to configure the global credential for our gateway application.

Screenshot

Close this page.

Screenshot

Go to the application list page.

Screenshot

Search the test-edge.com domain.

Screenshot

Let’s enter this application.

Screenshot

Go to the Page Rules page.

Screenshot

Edit this rule.

Screenshot

Click the drop-down list to switch the user group.

Screenshot

We can choose a global user group here. After the change is saved and released, the user credentials in that global user group are used instead.

Screenshot

This is what I like to cover today.

If you like this tutorial, please subscribe to this blog site and/or our Vimeo account and/or our YouTube channel. Thank you!

About This Article and Associated Video

This article and its associated video are both generated automatically by our OpenResty Showman product from a simple screenplay file.

About The Author

Yichun Zhang (Github handle: agentzh), is the original creator of the OpenResty® open-source project and the CEO of OpenResty Inc..

Yichun is one of the earliest advocates and leaders of “open-source technology”. He worked at many internationally renowned tech companies, such as Cloudflare, Yahoo!. He is a pioneer of “edge computing”, “dynamic tracing” and “machine coding”, with over 22 years of programming and 16 years of open source experience. Yichun is well-known in the open-source space as the project leader of OpenResty®, adopted by more than 40 million global website domains.

OpenResty Inc., the enterprise software start-up founded by Yichun in 2017, has customers from some of the biggest companies in the world. Its flagship product, OpenResty XRay, is a non-invasive profiling and troubleshooting tool that significantly enhances and utilizes dynamic tracing technology.

As an avid open-source contributor, Yichun has contributed more than a million lines of code to numerous open-source projects, including Linux kernel, Nginx, LuaJIT, GDB, SystemTap, LLVM, Perl, etc. He has also authored more than 60 open-source software libraries.

Translations

We provide the Chinese translation for this article on blog.openresty.com.cn. We welcome interested readers to contribute translations in other natural languages as long as the full article is translated without any omissions. We thank them in advance.

We are hiring

We always welcome talented and enthusiastic engineers to join our team at OpenResty Inc. to explore various open source software’s internals and build powerful analyzers and visualizers for real world applications built atop the open source software. If you are interested, please send your resume to talents@openresty.com . Thank you!