auth_totp_realm
Defines a realm name for TOTP authentication in NGINX, displayed in the authentication prompt.
Description
The auth_totp_realm directive specifies the realm name used during Time-based One-Time Password (TOTP) authentication prompts. This realm serves as a label for the authentication request, providing context to users regarding the resource they are attempting to access. When a user attempts to authenticate, the realm name appears in the authentication dialog presented by their browser, helping users identify the service requesting the credentials.
This directive can be placed in various contexts including http, server, location, and limit_except, allowing flexibility on where authentication is applied within the NGINX configuration. By setting the realm, server administrators can customize the user experience during the authentication process, making it clear what credentials are required and for which resource. The realm can be set to any string, giving administrators the freedom to label their services according to their organizational standards or security policies.
Config Example
server {
listen 80;
location /protected {
auth_totp_realm "Protected";
auth_totp_file /etc/nginx/totp.conf;
auth_totp_length 8;
auth_totp_reuse off;
auth_totp_skew 1;
auth_totp_step 1m;
auth_totp_cookie "totp-session";
auth_totp_expiry 1d;
}
}Ensure that the realm name is descriptive to avoid user confusion during the authentication process.
Not specifying the realm may lead to a generic authentication prompt that lacks context for the end user.