opa-nginx-rbac - A proof of concept for RBAC on nginx with Open Policy Agent

  •        114

This repository demonstrates how to implement role based access control (RBAC) on Nginx with Open Policy Agent. First, start the container of Nginx and Open Policy Agent.

https://github.com/summerwind/opa-nginx-rbac

Tags
Implementation
License
Platform

   




Related Projects

nginx-jwt - Lua script for Nginx that performs reverse proxy auth using JWT's

  •    Javascript

nginx-jwt is a Lua script for the Nginx server (running the HttpLuaModule) that will allow you to use Nginx as a reverse proxy in front of your existing set of HTTP services and secure them (authentication/authorization) using a trusted JSON Web Token (JWT) in the Authorization request header, having to make little or no changes to the backing services themselves.IMPORTANT: nginx-jwt is a Lua script that is designed to run on Nginx servers that have the HttpLuaModule installed. But ultimately its dependencies require components available in the OpenResty distribution of Nginx. Therefore, it is recommended that you use OpenResty as your Nginx server, and these instructions make that assumption.

lua-resty-openidc - Lua implementation to make NGINX operate as an OpenID Connect RP or OAuth 2

  •    Lua

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource Server (RS) functionality. When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

casbin-rs - An authorization library that supports access control models like ACL, RBAC, ABAC in Rust

  •    Rust

Casbin-RS is a powerful and efficient open-source access control library for Rust projects. It provides support for enforcing authorization based on various access control models. In casbin-rs, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

Casbin - An authorization library that supports access control models like ACL, RBAC, ABAC

  •    Go

Casbin is an authorization library that supports access control models like ACL, RBAC, ABAC. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration.

ModSecurity-nginx - ModSecurity v3 Nginx Connector

  •    C

The ModSecurity-nginx connector is the connection point between Nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between Nginx and libmodsecurity. This connector is required to use LibModSecurity with Nginx. The ModSecurity-nginx connector takes the form of an Nginx module. The module simply serves as a layer of communication between Nginx and ModSecurity.


NGINX-Demos - NGINX and NGINX Plus demos

  •    HTML

autoscaling-demo: This demo uses one NGINX Plus instance as a load balancer with two upstream groups, one for NGINX Plus web servers and one for Elasticsearch nodes. All of the instances run in Docker containers. The demo uses both the upstream_conf and status api's. If shows creating a new NGINX Plus environment and adding and removing containers manually and with autoscaling. consul-api-demo: This demo spins up a bunch of docker containers and shows NGINX Plus being used in conjuction with Consul, a service discovery platform. It uses the upstream_conf API in NGINX Plus to add the servers registered with Consul and remove the ones which get deregistered without the need for reloading NGINX Plus. This automates the process of upstream reconfiguration in NGINX Plus based on Consul data using a simple bash script and Consul watches.

rbac - PHP-RBAC is an authorization library for PHP

  •    PHP

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Hierarchical Role Based Access Control and more, in the fastest implementation yet. Take a look at the "Before You Begin" section of our Documentation to learn what an RBAC system is and what PHP-RBAC has to offer you and your project.

authelia - The Single Sign-On Multi-Factor portal for web apps

  •    Go

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia's portal for authentication. Documentation is available at https://www.authelia.com/docs.

nginx-proxy - Automated nginx proxy for Docker containers using docker-gen

  •    Python

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.See Automated Nginx Reverse Proxy for Docker for why you might want to use this.

ansible-role-nginx - Ansible Role - Nginx

  •    

Installs Nginx on RedHat/CentOS, Debian/Ubuntu, Archlinux, FreeBSD or OpenBSD servers. This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems), apt (on Debian-based systems), pacman (Archlinux), pkgng (on FreeBSD systems) or pkg_add (on OpenBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside /etc/nginx/conf.d/, describing the location and options to use for your particular website.

nginx-upsync-module - For http protocol

  •    C

nginx-upsync-module - Nginx C module, sync upstreams from consul or others, dynamically modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. It may not always be convenient to modify configuration files and restart NGINX. For example, if you are experiencing large amounts of traffic and high load, restarting NGINX and reloading the configuration at that point further increases load on the system and can temporarily degrade performance.

ngx_devel_kit - Nginx Development Kit - an Nginx module that adds additional generic tools that module developers can use in their own modules

  •    C

The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. It has functions and macros to deal with generic tasks that don't currently have generic code as part of the core distribution. The NDK itself adds few features that are seen from a user's point of view - it's just designed to help reduce the code that Nginx module developers need to write.

OpenResty - Turning Nginx into a Full-Fledged Scriptable Web Platform

  •    C

OpenResty is a full-fledged web platform that integrates the standard Nginx core, LuaJIT, many carefully written Lua libraries, lots of high quality 3rd-party Nginx modules, and most of their external dependencies. It is designed to help developers easily build scalable web applications, web services, and dynamic web gateways.

nginx-buildpack - Run NGINX in front of your app server on Heroku

  •    Shell

Nginx-buildpack vendors NGINX inside a dyno and connects NGINX to an app server via UNIX domain sockets. Some application servers (e.g. Ruby's Unicorn) halt progress when dealing with network I/O. Heroku's Cedar routing stack buffers only the headers of inbound requests. (The Cedar router will buffer the headers and body of a response up to 1MB) Thus, the Heroku router engages the dyno during the entire body transfer –from the client to dyno. For applications servers with blocking I/O, the latency per request will be degraded by the content transfer. By using NGINX in front of the application server, we can eliminate a great deal of transfer time from the application server. In addition to making request body transfers more efficient, all other I/O should be improved since the application server need only communicate with a UNIX socket on localhost. Basically, for webservers that are not designed for efficient, non-blocking I/O, we will benefit from having NGINX to handle all I/O operations.

nginx-php-fpm - Nginx and php-fpm for dockerhub builds

  •    Shell

This is a Dockerfile/image to build a container for nginx and php-fpm, with the ability to pull website code from git when the container is created, as well as allowing the container to push and pull changes to the code to and from git. The container also has the ability to update templated files with variables passed to docker in order to update your code and settings. There is support for lets encrypt SSL configurations, custom nginx configs, core nginx/PHP variable overrides for running preferences, X-Forwarded-For headers and UID mapping for local volume support. If you have improvements or suggestions please open an issue or pull request on the GitHub project page.

ngxtop - Real-time metrics for nginx server

  •    Python

ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server. So you can tell what is happening with your server in real-time. ngxtop tries to determine the correct location and format of nginx access log file by default, so you can just run ngxtop and having a close look at all requests coming to your nginx server. But it does not limit you to nginx and the default top view. ngxtop is flexible enough for you to configure and change most of its behaviours. You can query for different things, specify your log and format, even parse remote Apache common access log with ease. See sample usages below for some ideas about what you can do with it.

awesome-nginx - A curated list of awesome Nginx distributions, third modules, active developers, etc

  •    C

A curated list of awesome nginx distributions、third modules、active developers and so forth. If you want to contribute, please submit a pull request.

nginx-module-vts - Nginx virtual host traffic status module

  •    C

This document describes nginx-module-vts v0.1.18 released on 22 Jun 2018. Earlier versions is not tested.

nginx-clojure - Nginx module for embedding Clojure or Java or Groovy programs, typically those Ring based handlers

  •    Java

Nginx-Clojure is a Nginx module for embedding Clojure or Java or Groovy programs, typically those Ring based handlers. The latest release is v0.4.5, more detail changes about it can be found from Release History.

uwsgi-nginx-flask-docker - Docker image with uWSGI and Nginx for Flask applications in Python running in a single container

  •    Shell

Docker image with uWSGI and Nginx for Flask web applications in Python 3.6, Python 3.5 and Python 2.7 running in a single container. Optionally using Alpine Linux. This Docker image allows you to create Flask web applications in Python that run with uWSGI and Nginx in a single container.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.