Directive Reference

radius_server

The `radius_server` directive configures RADIUS authentication servers in NGINX for HTTP requests.

HTTP authentication via RADIUS protocol · http
Syntaxradius_server "name" { url "address:port"; secret "shared_secret"; nas_identifier "nas-id"; auth_timeout time; auth_retries number; health_timeout time; health_retries number; queue_size number; }
Defaultnone
Contexthttp
Argumentsblock (1)

Description

The radius_server directive is used to define a block that specifies parameters for a RADIUS authentication server in an NGINX configuration. Within the block, various settings, such as the server's URL, shared secret, and options for request timeouts and retries, can be specified. The directive allows for multiple server configurations, enabling redundancy and load balancing between servers.

Each radius_server block can include the following parameters: url, which designates the address of the RADIUS server; secret, which is the shared secret used for authenticating requests to the server; nas_identifier, an optional parameter for identifying the network access server; auth_timeout, which specifies how long to wait for an authentication response; auth_retries, defining how many retries will be attempted for an authentication request; and health check parameters such as health_timeout and health_retries. These settings are essential for establishing robust authentication mechanisms in web applications hosted on NGINX.

This directive operates within the http context and must be defined before any location blocks that make use of RADIUS authentication. Proper configuration ensures that authentication requests are effectively routed to the designated RADIUS server, and any failures are appropriately handled according to the specified parameters. The directive is a central component for enabling RADIUS-based authentication strategies.

Config Example

radius_server "radius_server_1" { 
    url "127.0.0.1:1812"; 
    secret "secret"; 
    nas_identifier "nas-identifier"; 
    auth_timeout 5s; 
    auth_retries 3; 
    health_timeout 5s; 
    health_retries 1; 
    queue_size 10; 
}

Ensure the RADIUS server is reachable and properly configured to accept requests from NGINX.

Confirm the shared secret matches the configuration of the RADIUS server to prevent authentication failures.

Be cautious with the queue_size parameter; setting it too low can lead to request denial under high load.

Related Directives

radius_serversauth_radiusradius_healthradius_auth
← Back to all directives