Secure media content with NGINX auth_request
I came across a requirement where admin can listen call logs of his employees on website. I had recording names stored in mongoDB.
I narrowed down to 2 choices,
1)Stream audio files using node js api on demand
2)Host all audio files using NGINX and then just send name of audio file in api response.
I thought second approach will be more clean way but I wanted to keep my audio files secure. So I used auth_request module from NGINX for authentication.
Let's start with example
I will be using docker compose.We have 2 docker compose file, docker-compose.yml(base file) and docker-compose.dev.yml file.
1)docker-compose file has 1 nginx service and 1 node js authentication service:

2) In docker-compose.dev file, we overwrite some environment specific properties:

3) NGINX Docker file, pointed in docker compose file:

4)NGINX config file:

In above file, “location /” serves static content from “usr/share/nginx/html”. We have auth_request and auth_request_set which goes to “location /auth” and checks response status code and decides if request is authenticated or not.
“location /auth” is pointing to upstream authRequest, which in-turn sends request to nodejs-auth:80(node js authentication service)
5) Simple dockerfile to start nodejs-auth service:


6) nodejs-auth service has just 1 “get api” which will validate token and set status code for auth_request.(We can validate in any way we want, maybe connect to database, etc)

6) Output without token and with invalid token and with valid token



Github link: https://github.com/riddheshganatra/NGINX-auth_request
Wrapping Up
With auth_request, its very easy to secure content hosted on NGINX using custom authentication service(node js in our case).
