Reverse Proxy Nginx and Shibboleth/2FA/MFA Authentication Setup in under 20 Mins.

1 Comment | Server By · 25/04/2023



Reverse Proxy Nginx and Shibboleth/2FA/MFA Authentication Setup in under 20 Mins.

Reverse Proxy Nginx and Shibboleth/2FA/MFA Authentication Setup in under 20 Mins.

Showing here in this session is how to setup reverse proxy nginx and using shibboleth modules for authentication without the need for Apache/PHP etc.

Lightweight setup of Nginx and Shibboleth allows for MFA/2Factor Authentication methods. My purpose is to redirect securely to my Guacamole server for allowing ssh/remote desktop sessions.

Will be posting link to Guacamole setup as well.

Links to configuration file and the instruction files:
Cause YouTube says only got 5000 characters limit.

Grab your Instructions and Config File from, please if you are copying it for your own site, do link to this youtube channel as source. Thanks
NGINX Install Instructions : https://www.dropbox.com/s/6k9zevibvvpi2zm/InstructionsNginxYoutube.txt?dl=0

Sample NGINX Config file for Shibboleth Use:
https://www.dropbox.com/s/9t0q9sb0wlv67t6/YouTubeNginxSample.txt?dl=0

Here are some of the external links and sites I used to compile the steps

Debian 10 NGINX install :
https://www.vultr.com/docs/how-to-compile-nginx-from-source-on-debian-10/

Shibboleth for NGINX
https://tcg.stanford.edu/?p=131

Custom Modules used for Shibboleth Authentication :
https://github.com/nginx-shib/nginx-http-shibboleth

https://github.com/openresty/headers-more-nginx-module

Secure your nginx instance, steps are get SSL, only allow incoming traffic on port 443 if have valid certificate.
See these sites for SSL and Securing your instance, also included the nginx.conf as sample (remember must configure it for your domain/setup)

https://scaron.info/blog/improve-your-nginx-ssl-configuration.html

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11

For Generating CSR request for SSL openssl.

https://www.ssl.com/how-to/manually-generate-a-certificate-signing-request-csr-using-openssl/

Once, you have SSL working and also your shibboleth2.xml file configured properly you can use the sample nginx.conf file included to test/try your setup.

If any issues/errors please comment/post below, thanks.

Please subscribe/like/comment.

Yours,
@hashtagtnt

Comments are closed.

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav