Create a reverse proxy using Nginx with user specific routing and password authorization

Hi,

so I’m supposed to containerize an application so we can add the mentioned feature , so each user would have to enter a username and password, and then if that username exists (and the correct password for that user was entered), the reverse proxy would redirect the person to a specific container/service.

The container/service should be able to be updated and some files would be replaced with the original ones upon creating the container/service, and data would be either saved in a persistent volume or a path mounted from the host system (this part I can manage completely on my own so far).

The part I need help is the authorization part, is there any tool available for this?
Or if I am to implement this, can I do this using Nginx (specifically this image is what I will probably use : jwilder/nginx-proxy), and code the authorization part in JS?

Any additional help in implementing the authorization would be also appreciated ,
Thanks in advance

I don’t exactly know what you want to achieve, only how you would like to do that, but if you use different domain names for each user like <username>.user.yourdomain.tld, you can use JS and send the request to different domains or just redirect the user on client side after the authorization to the new domain. Since the nginx proxy would handle the redirection to different containers, you just need to create those containers.

By the way don’t you want to do something similar to what JupyterHub does (if you know it)? It has a login page running in one container and after the authentication, it creates a new container fot the authenticated user to run a JupyterBook

thanks , well we are using this application to develop part of our software system (company policy dictates that I can’t mention this app in public forums and such), but the app itself stores all the data in one file and despite having sort of a authentication system, the settings file and the data file are easily accessible in file explorer, and users are only divided to 2 groups , one with read-only access , and the other with full access.
so we want to containerize this app so we can divide the data accessible by each user.

And I don’t know about JupyterHub, but I will look into it, thanks for the mention. also what I want to do is to redirect the user to a container, so the containers are created before hand, and authentication only grants access to a specific container.
Thanks again, I will study both cases you mentioned and return to this post with any further issues or dilemmas.

also it seems we will be using ports or hostname (as I have learned the container/service name is also the hostname) to have the reverse proxy point to the containers but I suppose we have to eventually use a domain to access the proxy itself, so I suppose can still use JS to do this, right?

Be careful with container hostnames since the proxy should see every container, but in some cases (for example when you use docker compose) different containers can have the same service name, so the same hostname as well. I don’t remember exactly how nginx-proxy generates the config file, but I am pretty sure it uses IP addresses to connect to the containers and uses a name for the nginx “upstream” only.

Nginx proxy also has a path based routing, but yes, you can use JS if you want to.