starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #313] Two-Factor Auth #279

New issue
Closed
opened 2026-02-26 06:31:59 +03:00 by kerem · 39 comments
kerem commented 2026-02-26 06:31:59 +03:00
Owner
Copy link

Originally created by @meichthys on GitHub (Mar 2, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/313

Two-Factor authorization would be a very welcomed feature in my book.

To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy.

Something like Authelia should provide a good starting point.

Originally created by @meichthys on GitHub (Mar 2, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/313 Two-Factor authorization would be a very welcomed feature in my book. To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy. Something like [Authelia](https://docs.authelia.com/deployment/supported-proxies/nginx.html) should provide a good starting point.
kerem 2026-02-26 06:31:59 +03:00
kerem commented 2026-02-26 06:31:59 +03:00
Author
Owner
Copy link

@arejaytee commented on GitHub (Mar 8, 2020):

+1 on this or implementing https://github.com/jc21/nginx-proxy-manager/issues/137

<!-- gh-comment-id:596187694 --> @arejaytee commented on GitHub (Mar 8, 2020): +1 on this or implementing https://github.com/jc21/nginx-proxy-manager/issues/137
kerem commented 2026-02-26 06:31:59 +03:00
Author
Owner
Copy link

@Rami-Pastrami commented on GitHub (Mar 21, 2020):

Noting https://github.com/authelia/authelia for being maintained actively currently, and having more features

<!-- gh-comment-id:602071203 --> @Rami-Pastrami commented on GitHub (Mar 21, 2020): Noting https://github.com/authelia/authelia for being maintained actively currently, and having more features
kerem commented 2026-02-26 06:31:59 +03:00
Author
Owner
Copy link

@KamistixX commented on GitHub (Apr 15, 2020):

Authelia integration would be a massive feature

<!-- gh-comment-id:614329472 --> @KamistixX commented on GitHub (Apr 15, 2020): Authelia integration would be a massive feature
kerem commented 2026-02-26 06:31:59 +03:00
Author
Owner
Copy link

@james-d-elliott commented on GitHub (May 1, 2020):

One of the maintainers of Authelia here. We'd be willing to do some form of collab to help with this. Particularly with the access to the hosts section as that is the easiest part. I also think this would actually address a few of your issues all at once (I'll try to compile a list later and the reasons why).

Ideally if we did it I think the ideal place to do it is in the access tab as an alternate provider to the HTTP basic auth. Also it shouldn't be limited to Authelia in my opinion, people should be able to configure all aspects of the ngx_http_auth_request_module.

Authelia docs.

<!-- gh-comment-id:622602776 --> @james-d-elliott commented on GitHub (May 1, 2020): One of the maintainers of Authelia here. We'd be willing to do some form of collab to help with this. Particularly with the access to the hosts section as that is the easiest part. I also think this would actually address a few of your issues all at once (I'll try to compile a list later and the reasons why). Ideally if we did it I think the ideal place to do it is in the access tab as an alternate provider to the HTTP basic auth. Also it shouldn't be limited to Authelia in my opinion, people should be able to configure all aspects of the [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html). [Authelia docs](https://docs.authelia.com/deployment/supported-proxies/nginx.html).
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@KittyKatt commented on GitHub (May 7, 2020):

This would actually bring me back to nginx-proxy-manager over some other solution as there's no other solution with as easy of a point and click interface as this, but vanilla nginx supports this with Authelia's guide so I've been sticking with that.

<!-- gh-comment-id:625006143 --> @KittyKatt commented on GitHub (May 7, 2020): This would actually bring me back to nginx-proxy-manager over some other solution as there's no other solution with as easy of a point and click interface as this, but vanilla nginx supports this with Authelia's guide so I've been sticking with that.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@Rami-Pastrami commented on GitHub (May 20, 2020):

TBH I would even be happy for a guide to add Authelia to NginxProxyManager

<!-- gh-comment-id:631757933 --> @Rami-Pastrami commented on GitHub (May 20, 2020): TBH I would even be happy for a guide to add Authelia to NginxProxyManager
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@lazee486 commented on GitHub (May 30, 2020):

+1 I opened a request for voucher-proxy or keycloak before I found this one, but any route he goes with I'd be willing to try :) his interface is one of the best I've found for homelab!

<!-- gh-comment-id:636289075 --> @lazee486 commented on GitHub (May 30, 2020): +1 I opened a request for voucher-proxy or keycloak before I found this one, but any route he goes with I'd be willing to try :) his interface is one of the best I've found for homelab!
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@zero77 commented on GitHub (Nov 25, 2020):

Google provide a 2FA module that can be integrated with protocols like SSH and OpenVPN.
https://github.com/google/google-authenticator-libpam

<!-- gh-comment-id:733677574 --> @zero77 commented on GitHub (Nov 25, 2020): Google provide a 2FA module that can be integrated with protocols like SSH and OpenVPN. https://github.com/google/google-authenticator-libpam
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@joe307bad commented on GitHub (Dec 6, 2020):

Keycloak works with nginx-proxy-manager!

<!-- gh-comment-id:739553037 --> @joe307bad commented on GitHub (Dec 6, 2020): [Keycloak works with `nginx-proxy-manager`!](https://github.com/jc21/nginx-proxy-manager/pull/753#issuecomment-739552690)
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@joe307bad commented on GitHub (Dec 6, 2020):

Here is also a good tutorial on getting nginx-proxy-manager secured with Authelia.

<!-- gh-comment-id:739553232 --> @joe307bad commented on GitHub (Dec 6, 2020): [Here is also a good tutorial](https://github.com/ibracorp/authelia) on getting `nginx-proxy-manager` secured with Authelia.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@jeremy-chua commented on GitHub (May 22, 2021):

IMHO, integration with most IdP will address this. SAML2 will be a common use case.
I'm using Azure AD for my hosted applications. MFA can be configured in Azure AD. I believe it will be similar for all IdP.

<!-- gh-comment-id:846366356 --> @jeremy-chua commented on GitHub (May 22, 2021): IMHO, integration with most IdP will address this. SAML2 will be a common use case. I'm using Azure AD for my hosted applications. MFA can be configured in Azure AD. I believe it will be similar for all IdP.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@apainter2 commented on GitHub (May 27, 2021):

I too would love to see NPM support Google Authenticator/2FA.

Especially as I have NPM internet facing on a hosted VPS.

<!-- gh-comment-id:849532194 --> @apainter2 commented on GitHub (May 27, 2021): I too would love to see NPM support Google Authenticator/2FA. Especially as I have NPM internet facing on a hosted VPS.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@kennylajara commented on GitHub (Jun 21, 2021):

Is possible to make use of this Authenticator API implementation to easily integrate:
https://github.com/infiniteloopltd/AuthenticatorAPI.com

<!-- gh-comment-id:865330992 --> @kennylajara commented on GitHub (Jun 21, 2021): Is possible to make use of this Authenticator API implementation to easily integrate: https://github.com/infiniteloopltd/AuthenticatorAPI.com
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@meichthys commented on GitHub (Mar 12, 2022):

@kennylajara could you share how you implemented this?

<!-- gh-comment-id:1065937770 --> @meichthys commented on GitHub (Mar 12, 2022): @kennylajara could you share how you implemented this?
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@rickgitdone commented on GitHub (May 19, 2023):

I also found this on git .. allows 2FA for any Web App.. Integration with any of these into one is a goal I am looking for ...
https://github.com/Arno0x/TwoFactorAuth

<!-- gh-comment-id:1554547876 --> @rickgitdone commented on GitHub (May 19, 2023): I also found this on git .. allows 2FA for any Web App.. Integration with any of these into one is a goal I am looking for ... https://github.com/Arno0x/TwoFactorAuth
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@LiaraAlis commented on GitHub (Aug 15, 2023):

I think this is a very important feature. From my point of view this feature should be prioritized higher.

<!-- gh-comment-id:1678625981 --> @LiaraAlis commented on GitHub (Aug 15, 2023): I think this is a very important feature. From my point of view this feature should be prioritized higher.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@anasnaguib commented on GitHub (Aug 15, 2023):

I think this is a very important feature. hope it can be added soon.

<!-- gh-comment-id:1679596933 --> @anasnaguib commented on GitHub (Aug 15, 2023): I think this is a very important feature. hope it can be added soon.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@CrooLyyCheck commented on GitHub (Oct 3, 2023):

Two-Factor authorization would be a very welcomed feature in my book.

To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy.

Something like Authelia should provide a good starting point.

Also access list is good place to implement 2fa auth thru simple page instead HTTP auth form

<!-- gh-comment-id:1745250611 --> @CrooLyyCheck commented on GitHub (Oct 3, 2023): > Two-Factor authorization would be a very welcomed feature in my book. > > To be able to log into nginx-proxy-manager via 2FA as well as being able to provide 2FA for access to hosts - this would vastly improve the security of less secure or non-secure applications hiding behind the nginx proxy. > > Something like [Authelia](https://docs.authelia.com/deployment/supported-proxies/nginx.html) should provide a good starting point. Also access list is good place to implement 2fa auth thru simple page instead HTTP auth form
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (May 24, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2128342056 --> @github-actions[bot] commented on GitHub (May 24, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@timnolte commented on GitHub (May 24, 2024):

If 2FA can't be done then implementing OpenID Connect for SSO authentication would be the next best thing.

<!-- gh-comment-id:2128364080 --> @timnolte commented on GitHub (May 24, 2024): If 2FA can't be done then implementing OpenID Connect for SSO authentication would be the next best thing.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@james-d-elliott commented on GitHub (May 24, 2024):

It can technically already be integrated for backend apps already, just not the NPM frontend. I think having both would be a good addition however, and fully support the idea of OpenID Connect 1.0, in a lot of ways I prefer it. Me and the other Authelia devs would welcome a collaboration on this as well.

<!-- gh-comment-id:2128510312 --> @james-d-elliott commented on GitHub (May 24, 2024): It can technically already be integrated for backend apps already, just not the NPM frontend. I think having both would be a good addition however, and fully support the idea of OpenID Connect 1.0, in a lot of ways I prefer it. Me and the other Authelia devs would welcome a collaboration on this as well.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@woliver99 commented on GitHub (Jul 28, 2024):

+1 I would like to see this implemented

<!-- gh-comment-id:2254324557 --> @woliver99 commented on GitHub (Jul 28, 2024): +1 I would like to see this implemented
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@lazee486 commented on GitHub (Aug 10, 2024):

having to restrict the ip range that can access port 81 works, the number of homelabbers or people who spin this up on vps...a bit better security for the management interface would be good,

<!-- gh-comment-id:2281782879 --> @lazee486 commented on GitHub (Aug 10, 2024): having to restrict the ip range that can access port 81 works, the number of homelabbers or people who spin this up on vps...a bit better security for the management interface would be good,
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@jhedfors commented on GitHub (Feb 1, 2025):

+1 for implementation of basic 2FA would be awesome!

<!-- gh-comment-id:2628920651 --> @jhedfors commented on GitHub (Feb 1, 2025): +1 for implementation of basic 2FA would be awesome!
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@ISnotes commented on GitHub (Feb 8, 2025):

+1

<!-- gh-comment-id:2644739096 --> @ISnotes commented on GitHub (Feb 8, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@theJoshMuller commented on GitHub (Mar 14, 2025):

+1 Another vote for 2FA / TOTP

<!-- gh-comment-id:2725837003 --> @theJoshMuller commented on GitHub (Mar 14, 2025): +1 Another vote for 2FA / TOTP
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@WorstPIlot commented on GitHub (Mar 29, 2025):

  • 1 for 2FA, i think it could make this project the best around
<!-- gh-comment-id:2763303440 --> @WorstPIlot commented on GitHub (Mar 29, 2025): + 1 for 2FA, i think it could make this project the best around
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@VslVictor7 commented on GitHub (Apr 8, 2025):

+1

<!-- gh-comment-id:2787568251 --> @VslVictor7 commented on GitHub (Apr 8, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@hdm-benni commented on GitHub (May 5, 2025):

+1

<!-- gh-comment-id:2851878330 --> @hdm-benni commented on GitHub (May 5, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@Anatr0p commented on GitHub (Jul 28, 2025):

+1

<!-- gh-comment-id:3127472688 --> @Anatr0p commented on GitHub (Jul 28, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@SocketSomeone commented on GitHub (Jul 29, 2025):

+1

<!-- gh-comment-id:3133436423 --> @SocketSomeone commented on GitHub (Jul 29, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@VslVictor7 commented on GitHub (Jul 29, 2025):

Honestly at this point its just really sad. Nginx is a service that needs good protection. This should be addressed

<!-- gh-comment-id:3133580151 --> @VslVictor7 commented on GitHub (Jul 29, 2025): Honestly at this point its just really sad. Nginx is a service that needs good protection. This should be addressed
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@james-d-elliott commented on GitHub (Jul 30, 2025):

I think an entirely practical solution that's relatively easy to implement for the developers, and likely sufficient for most users is to allow them to easily disable auth and include an authentication snippet for the admin UI for example via auth_request similar to the below examples:

authelia-location.conf
authelia-authrequest.conf
proxy.conf

example usage (see the nextcloud example)

The advantage is that you can delegate auth rather than having to implement it directly.

<!-- gh-comment-id:3134988571 --> @james-d-elliott commented on GitHub (Jul 30, 2025): I think an entirely practical solution that's relatively easy to implement for the developers, and likely sufficient for most users is to allow them to easily disable auth and include an authentication snippet for the admin UI for example via `auth_request` similar to the below examples: [authelia-location.conf](https://www.authelia.com/integration/proxies/nginx/#authelia-locationconf) [authelia-authrequest.conf](https://www.authelia.com/integration/proxies/nginx/#authelia-authrequestconf) [proxy.conf](https://www.authelia.com/integration/proxies/nginx/#proxyconf) [example usage (see the nextcloud example)](https://www.authelia.com/integration/proxies/nginx/#standard-example) The advantage is that you can delegate auth rather than having to implement it directly.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@acutbal commented on GitHub (Aug 17, 2025):

Another +1 vote for 2FA / TOTP...

Regards.

<!-- gh-comment-id:3194466762 --> @acutbal commented on GitHub (Aug 17, 2025): Another +1 vote for 2FA / TOTP... Regards.
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@dmbuil commented on GitHub (Sep 3, 2025):

+1

<!-- gh-comment-id:3250802293 --> @dmbuil commented on GitHub (Sep 3, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@ArkhLink commented on GitHub (Sep 19, 2025):

+1

<!-- gh-comment-id:3312819151 --> @ArkhLink commented on GitHub (Sep 19, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@kverstoep commented on GitHub (Oct 18, 2025):

+1

<!-- gh-comment-id:3419064917 --> @kverstoep commented on GitHub (Oct 18, 2025): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@kpleines commented on GitHub (Feb 9, 2026):

+1

<!-- gh-comment-id:3873666301 --> @kpleines commented on GitHub (Feb 9, 2026): +1
kerem commented 2026-02-26 06:32:00 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Feb 11, 2026):

This is done as of v2.13.6

<!-- gh-comment-id:3881377899 --> @jc21 commented on GitHub (Feb 11, 2026): This is done as of [v2.13.6](https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.13.6)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#279
No description provided.