Today I’ll continue demonstrating the OpenResty Edge product. I’ll show how to configure HTTP basic authentication in gateway applications.

Embedded image

The HTTP basic auth is handled directly by the gateway servers.

Embedded image

As always, let’s go to OpenResty Edge’s Admin web console. This is our sample deployment of the console. Every user has her own local deployment.

Screenshot

Let’s configure the HTTP basic auth credentials for our gateway application.

We still use our continuing sample application for the test-edge.com domain.

Screenshot

Enter this application.

Screenshot

Go to the HTTP Basic Auth Credentials page.

Screenshot

We support adding one or more basic auth user groups. Each user group can have one or more users.

Add a new Basic Auth user group.

Screenshot

Enter the group name “tutorial-group”. This user group is merely for this tutorial.

Screenshot

Save it.

Screenshot

Add a new Basic Auth user to this group.

Screenshot

Click this button to add a new user.

Screenshot

Type in the user name “Sam”.

Screenshot

Enter the password.

Screenshot

Save it.

Screenshot

Now we have a new user in the “tutorial-group” user group.

Screenshot

By the way, we can go to the Basic tab to edit the user group settings. Here we don’t bother.

Screenshot

Close this page.

Screenshot

Go to the Page Rules page to actually enable basic authentication.

Screenshot

This existing page rule already sets up a reverse proxy to a pre-defined upstream. We covered this in an earlier tutorial.

Screenshot

Let’s add a new page rule.

Screenshot

Add a new action.

Screenshot

Type “basic auth” to search.

Screenshot

Select the “Enable Basic Authentication” option.

Screenshot

Select the Basic Auth user group we just created.

Screenshot

Select “app-tutorial-group”.

Screenshot

The extra “app-” prefix indicates that the user group is scoped to the current application only. Global basic auth user group names get the prefix “global-” instead. I will get to the global HTTP basic auth settings later.

We set this rule as an “Always Top” rule to ensure this rule is always executed first. You can choose any order you want though.

Screenshot

Save this rule.

Screenshot

As always, we need to make a new configuration release to push out our edited page rule.

Screenshot

Click this button.

Screenshot

Ship it!

Screenshot

It is fully synchronized.

Screenshot

Now the new page rule has been pushed to all the gateway clusters and servers.

Embedded video

Our configuration changes do NOT require a server reload, restart, or binary upgrade. So it’s very efficient and scalable.

Embedded image

Let’s access the gateway application. We can see that the page triggers the web browser’s authentication dialog instead of showing the web page content.

Embedded video

First, try clicking the Cancel button. We can see the page turns into a “401 Unauthorized” error page.

Embedded video

Embedded video

Refresh the page.

Embedded video

And this time, we enter the correct username and password we previously prepared.

Embedded video

Now we can access the web page.

Embedded video

Next, let’s test the HTTP basic auth setting on the command line with the curl utility.

On the terminal, we send a test request.

curl -sSI http://test-edge.com

Screenshot

We can see that the response is 401 Unauthorized.

Screenshot

Let’s specify the basic auth credential with curl’s “-u” option this time.

Screenshot

Here is the user name.

Screenshot

And here goes the password in clear text.

Screenshot

Run this command.

We can see that the response is 200 OK now. We passed the authentication, and the server returned the final response.

Screenshot
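
The curl checks above, collected into a script that can be rerun after each configuration release; it also shows that what “-u” sends is only a base64 encoding of the user name and password. This is an added example, not part of the original tutorial or of OpenResty Edge: the function names and the EDGE_PASS variable are assumptions, and the password is whatever was set for Sam.

```sh
#!/bin/sh
# Added example: post-release check for the basic auth page rule.
# URL and user name are the tutorial's; names and EDGE_PASS are assumptions.

# The header curl's -u option sends: base64("user:password"), not encryption.
basic_auth_header() {
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Anyone who can read the request recovers the credentials from that header.
decode_basic_auth() {
    printf '%s' "${1#Authorization: Basic }" | base64 -d
}

# Print only the status code of a HEAD request; extra arguments go to curl.
http_status() {
    curl -sS -o /dev/null -I -w '%{http_code}' "$@"
}

# Verify the three outcomes the page rule should produce; 0 only if all hold.
check_basic_auth() {
    url=$1 user=$2 pass=$3 rc=0
    case $url in
        https://*) ;;
        *) echo "WARN: $url is not HTTPS, so the header is readable in transit" >&2 ;;
    esac
    [ "$(http_status "$url")" = 401 ] ||
        { echo "FAIL: request without credentials was not rejected" >&2; rc=1; }
    [ "$(http_status -u "$user:not-$pass" "$url")" = 401 ] ||
        { echo "FAIL: wrong password was not rejected" >&2; rc=1; }
    [ "$(http_status -u "$user:$pass" "$url")" = 200 ] ||
        { echo "FAIL: valid credentials were not accepted" >&2; rc=1; }
    return $rc
}

# Runs only when the password is supplied through the environment.
[ -z "${EDGE_PASS:-}" ] || check_basic_auth http://test-edge.com Sam "$EDGE_PASS"
```

A non-zero exit status means at least one of the three expectations failed, which makes the script usable as a gate after “Ship it!”.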

In addition to configuring basic auth inside Edge applications, we can also configure it in Edge’s global configuration. Global auth user groups are visible to all the Edge applications.

Go to the Global Config page.

Screenshot

Enter the Global Basic Auth Credentials page.

Screenshot

Click this button to add a new Basic Auth user group.

Screenshot

Type the group name.

Screenshot

Save it.

Screenshot

Now we’ve created a new global Basic Auth user group.

Screenshot

We can also click the edit button to add a new user for this group.

Screenshot

Click this button to add a new user.

Screenshot

Type in the user name “Kelly”.

Screenshot

Enter the password.

Screenshot

And save it.

Screenshot

Now we have a new user in the “tutorial-global-group” user group. Let’s see how to configure the global credential for our gateway application.

Screenshot

Close this page.

Screenshot

Go to the application list page.

Screenshot

Search for the test-edge.com domain.

Screenshot

Let’s enter this application.

Screenshot

Go to the Page Rules page.

Screenshot

Edit this rule.

Screenshot

Click the drop-down list to switch the user group.

Screenshot

We can choose a global user group here. After the change is saved and released, the user credentials in that global user group are used instead.

Screenshot

This is what I’d like to cover today.

About This Article and Associated Video

This article and its associated video are both generated automatically by our OpenResty Showman product from a simple screenplay file.

About The Author

Yichun Zhang is the creator of the OpenResty® open source project. He is also the founder and CEO of the OpenResty Inc. company. He contributed a dozen open source Nginx 3rd-party modules, quite a few Nginx and LuaJIT core patches, and designed products like OpenResty Edge, OpenResty XRay, and OpenResty Showman.

Translations

We provide the Chinese translation for this article on blog.openresty.com.cn. We welcome interested readers to contribute translations in other natural languages as long as the full article is translated without any omissions. We thank them in advance.