This is an NGINX module to check for a valid JWT.
Inspired by TeslaGov, ch1bo and tizpuppi, this module intends to be as light as possible and to remain simple.
- Docker image based on the official nginx Dockerfile (alpine).
- Light image (uncompressed: ~11MB, compressed: ~6MB).
This module is built inside a docker container, from the alpine image.
server {
    auth_jwt_key "0123456789abcdef" hex; # Your key as hex string
    auth_jwt off;

    location /secured-by-cookie/ {
        auth_jwt $cookie_MyCookieName;
    }

    location /secured-by-auth-header/ {
        auth_jwt on;
    }

    location /secured-by-auth-header-too/ {
        auth_jwt_key "another-secret"; # Your key as utf8 string
        auth_jwt on;
    }

    location /not-secure/ {}
}
Syntax: auth_jwt $variable | on | off;
Default: auth_jwt off;
Context: http, server, location
Enables validation of JWT.
Syntax: auth_jwt_key string [encoding];
Default: ——
Context: http, server, location
Specifies the key for validating JWT signature (must be hexadecimal).
The encoding option may be hex | utf8 | base64 (default is utf8).
Syntax: auth_jwt_key_file filename;
Default: ——
Context: http, server, location
Specifies the key for validating JWT signature by reading it from a file.
As auth_jwt_key also defines the expected key, it cannot be provided in the same scope.
Syntax: auth_jwt_alg any | HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384 | ES512;
Default: auth_jwt_alg any;
Context: http, server, location
Specifies which algorithm the server expects to receive in the JWT.
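The following is an added example, not part of this module's code: a Python sketch that mints and checks an HS256 test token for the auth_jwt_key and auth_jwt_alg settings described above, showing that the same key string yields different key bytes under hex and utf8. It assumes hex and base64 mean the key string is decoded to raw bytes and utf8 means the string's own bytes are the key; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

def key_bytes(key, encoding="utf8"):
    # Assumed semantics of the [encoding] option: hex/base64 are decoded
    # to raw bytes, utf8 uses the string's own bytes as the HMAC key.
    if encoding == "hex":
        return bytes.fromhex(key)
    if encoding == "base64":
        return base64.b64decode(key, validate=True)
    if encoding == "utf8":
        return key.encode("utf-8")
    raise ValueError("unknown encoding: " + encoding)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims, key):
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token, key):
    # Pin the algorithm (as auth_jwt_alg HS256 would) before checking the MAC.
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
        signing_input = (head_b64 + "." + body_b64).encode("ascii")
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)

# Constructed sample: the hex key string from the server block above.
SAMPLE_KEY = "0123456789abcdef"
TOKEN = sign_hs256({"sub": "constructed-user"}, key_bytes(SAMPLE_KEY, "hex"))
print(verify_hs256(TOKEN, key_bytes(SAMPLE_KEY, "hex")))   # same key bytes
print(verify_hs256(TOKEN, key_bytes(SAMPLE_KEY, "utf8")))  # different key bytes
```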
./build # Will create a "jwt-nginx" image (Dockerfile)
./test # Will create a "jwt-nginx-test" image from the "jwt-nginx" one (Dockerfile.test)
./test your-image-to-test
example:
./test jwt-nginx-s4 # tests the development image
./test --current container
example:
# docker run --rm --name ngx-test -p 8000:8000 jwt-nginx-test
./test --current ngx-test