Two-Factor Auth

[meichthys]

Two-Factor authorization would be a very welcomed feature in my book.

To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy.

Something like Authelia should provide a good starting point.

[arejaytee]

+1 on this or implementing https://github.com/jc21/nginx-proxy-manager/issues/137

[Rami-Pastrami]

Noting https://github.com/authelia/authelia for being maintained actively currently, and having more features

[KamistixX]

Authelia integration would be a massive feature

[james-d-elliott]

One of the maintainers of Authelia here. We'd be willing to do some form of collab to help with this. Particularly with the access to the hosts section as that is the easiest part. I also think this would actually address a few of your issues all at once (I'll try to compile a list later and the reasons why).

Ideally if we did it I think the ideal place to do it is in the access tab as an alternate provider to the HTTP basic auth. Also it shouldn't be limited to Authelia in my opinion, people should be able to configure all aspects of the ngx_http_auth_request_module.

Authelia docs.

[KittyKatt]

This would actually bring me back to nginx-proxy-manager over some other solution as there's no other solution with as easy of a point and click interface as this, but vanilla nginx supports this with Authelia's guide so I've been sticking with that.

[Rami-Pastrami]

TBH I would even be happy for a guide to add Authelia to NginxProxyManager

[lazee486]

+1 I opened a request for voucher-proxy or keycloak before I found this one, but any route he goes with I'd be willing to try :) his interface is one of the best I've found for homelab!

[zero77]

Google provide a 2FA module that can be integrated with protocols like SSH and OpenVPN. https://github.com/google/google-authenticator-libpam

[joe307bad]

Keycloak works with nginx-proxy-manager!

[joe307bad]

Here is also a good tutorial on getting nginx-proxy-manager secured with Authelia.

[jeremy-chua]

IMHO, integration with most IdP will address this. SAML2 will be a common use case. I'm using Azure AD for my hosted applications. MFA can be configured in Azure AD. I believe it will be similar for all IdP.

[apainter2]

I too would love to see NPM support Google Authenticator/2FA.

Especially as I have NPM internet facing on a hosted VPS.

[kennylajara]

Is possible to make use of this Authenticator API implementation to easily integrate: https://github.com/infiniteloopltd/AuthenticatorAPI.com

[meichthys]

@kennylajara could you share how you implemented this?

[rickgitdone]

I also found this on git .. allows 2FA for any Web App.. Integration with any of these into one is a goal I am looking for ... https://github.com/Arno0x/TwoFactorAuth

[LiaraAlis]

I think this is a very important feature. From my point of view this feature should be prioritized higher.

[anasnaguib]

I think this is a very important feature. hope it can be added soon.

[CrooLyyCheck]

Two-Factor authorization would be a very welcomed feature in my book.

To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy.

Something like Authelia should provide a good starting point.

Also access list is good place to implement 2fa auth thru simple page instead HTTP auth form

[github-actions[bot]]

Issue is now considered stale. If you want to keep it open, please comment :+1:

[timnolte]

If 2FA can't be done then implementing OpenID Connect for SSO authentication would be the next best thing.

[james-d-elliott]

It can technically already be integrated for backend apps already, just not the NPM frontend. I think having both would be a good addition however, and fully support the idea of OpenID Connect 1.0, in a lot of ways I prefer it. Me and the other Authelia devs would welcome a collaboration on this as well.