SSO like hack using Nextcloud to protect other webapps on nginx


I have the situation where nextcloud is installed on a webserver along with other tools:

  • path: /nextcloud The Nextcloud instance
  • path: /grafana A grafana instance
  • path: /media some other stuff

My goal is to protect the other URLs using the login from Nextcloud.

I built a very small nextcloud-app that:

  • changes the cookie path to /
  • provides an GET endpoint checking if the user is authenticated

Then nginx uses auth_request against this new endpoint to authorize every request to the other apps (yes this impairs performance a bit).

If you are interested please have a look: Feedback is welcome.

I’m not experienced with Nextcloud and open for suggestions and especially security hints.

Kind regards, yves