Skip to content

Implement generic AAI Proxy

For web services require authentication, there are several possibilities for integration. The Apache HTTP Server and Nginx web server (including OpenResty as an Nginx distro) have a significant combined market share over all web sites on the internet (Source: statista.de) while all the rest is distributed between Cloudflare, Google and an uncountable amount of smaller products. For that reason, we feel that most use cases can be dealt with by using one of the options in the following list:

  • Apache HTTP Server: There are modules for the Apache web server that allow it to add authentication capabilities without modification of the application served by it. This repository on Helmholtz Codebase can serve as a rough outline on how to make use of it.

  • Nginx web server: For Nginx there is a similar module on GitHub that allows it to act as an authenticated web server.

  • OAuth2Proxy: It serves as a reverse proxy for any other existing web application regardless of the web server used with it and enables authentication via OpenID Connect and OAuth2 and can be deployed in front of any web service. Be it as a standalone instance (single binary), as part of a Docker deployment or even in a pod on a Kubernetes cluster, it is easily installed and quickly configured, making it a good choice if there are no special requirements towards authorization (Resources: GitHub repository, Documentation).