Skip to content

Proxy for securing a backend via Helmholtz ID / AAI

For web services in need of authentication, there are several possibilities for integration. The Apache and Nginx web servers (including OpenResty as an Nginx distro) share a combined market share of 47% over all web sites on the internet (Source: statista.de) while all the rest is distributed between Cloudflare, Google and an uncountable amount of smaller products. For that reason, we feel that most use cases can be dealt with by using one of the options in the following list:

  • Apache httpd web server: There are modules for the Apache web server that allow it to add authentication capabilities without modification of the application served by it. This repository on Helmholtz Codebase can serve as a rough outline on how to make use of it.

  • Nginx web server: For Nginx there is a similar module on Github that allows it to act as an authenticated web server.

  • OAuth2Proxy: It serves as a reverse proxy for any other existing web application regardless of the web server used with it and enables authentication via OpenID-connect and OAuth2 and can be deployed in front of any web service. Be it as a standalone instance (single binary), as part of a Docker deployment or even in a pod on a Kubernetes cluster, it is easily installed and quickly configured, making it a good choice if there are no special requirements towards authorization (Resources: Github repository, Documentation).