I am running Ubuntu 16.04 LTS. On this, openresty is in place as ngingx reverse proxy. The content behind is password protected and user specific. So users gets one or many subdomain(s) of their own any may only access these subdomains. It needs to be made sure that they can not access any other ressources, that they are not permitted to access. This mapping can be provided based on a database. I have been using Basic auth so far, and authenticated users against a MySQL Database.
I want to increase security, and implement alternative authentication options. It should be possible to authenticate using the Google Authenticator and using facebook. It would be great if other OAuth2 compatible providers could be added, like this is done e.g. on [url removed, login to view] If you can implement an SMS authentication would be a big bonus. My current routines used lua scripting and caching to memcache. This is somehow outdated, and it needs to be rewritten, too. So the new server has a local redis installation, that could be used for caching. The perfect solution would allow for a transparent choice of the authentication mechanism. So when the user provides basic auth, use and process this one. If not, bring up a screen showing the available options like google, facebook etc. When the user has successfully authenticated, I need his username and the ressource accessed back in nginx / lua variables, as I need to route the user according to this.
You will set up a Ubuntu 16.04. server for development or work on a VM I provide access to. Your choice. You will build a working reverse proxy solution meeting the requirements stated above. First milestone will be access to a working solution, second milestone will be everything working on my server.