Watch 8 Star 14 Fork 2

吴强强 / nginx-jwt-moduleCMIT

Create your Gitee Account
Explore and code with more than 5 million developers,Free private repositories !:)
Sign up
NGINX module to check for a valid JWT. spread retract

  • C 60.5%
  • Shell 31.1%
  • Dockerfile 6.8%
  • Makefile 1.6%
Clone or download
Notice: Creating folder will generate an empty file .keep, because not support in Git

Ningx JSON Web Token Auth Module

  • Example Configuration:
server {
    auth_jwt_key "0123456789abcdef" hex; # Your key as hex string
    auth_jwt     off;

    location /secured-by-cookie/ {
        auth_jwt $cookie_MyCookieName;

    location /secured-by-auth-header/ {
        auth_jwt on;

    location /secured-by-auth-header-too/ {
        auth_jwt_key "another-secret"; # Your key as utf8 string
        auth_jwt on;

    location /secured-by-rsa-key/ {
        auth_jwt_key /etc/keys/rsa-public.pem file; # Your key from a PEM file
        auth_jwt on;

    location /not-secure/ {}

Note: don't forget to load the module in the main context:
load_module /usr/lib/nginx/modules/;

  • Directives:

    Syntax: auth_jwt $variable | on | off; Default: auth_jwt off; Context: http, server, location

Enables validation of JWT.

Syntax:	 auth_jwt_key value [encoding];
Default: ——
Context: http, server, location

Specifies the key for validating JWT signature (must be hexadecimal).
The encoding otpion may be hex | utf8 | base64 | file (default is utf8).
The file option requires the value to be a valid file path (pointing to a PEM encoded key).

Syntax:	 auth_jwt_alg any | HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384 | ES512;
Default: auth_jwt_alg any;
Context: http, server, location

Specifies which algorithm the server expects to receive in the JWT.

  • Build: This module is built inside a docker container, from the nginx-alpine image.
./ # Will create a "jwt-nginx" (Dockerfile)
  • Test:

Default usage:

./ # Will create a "jwt-nginx-test" image (from test-image/Dockerfile) based on the "jwt-nginx" one.

Set image name:

./ your-image-to-test


./ jwt-nginx-s1 # tests the development image

Use current container:

./ --current my-container


# In a first terminal:
docker run --rm --name my-test-container -p 8000:8000 jwt-nginx-test

# In a second one:
./ --current my-test-container

Comments ( 8 )

Sign in for post a comment



231008 48f1a665 1899542 231017 9a6720c6 1899542