So, I was bored of using authbasic because there’s a million ways to intercept the passcodes. However, there’s some OTP methods that are always capable of working. To that end, there is a Yubikey auth module which works on NGINX Stable.
This kind of helps deal with the need for auth_basic, and actually helps with me, because I can secure my sites with a still-basic auth mechanism that uses a Yubikey for authentication.
Currently, the working code for 1.6.x is in the ‘compile-fix`’ branch on Github, but it works as intended. As well, I’ve made a separate PPA containing the nginx-stable builds from the NGINX PPAs, plus the Yubikey auth module for all binary variants. It makes nginx-light a little less light, but it still adds what I consider the brilliance of Yubikey OTP authentication.
NOTE: Your Yubikeys that you configure must all be on the YubiCloud system for OTP authentication to work. This is because the module uses the Yubico OTP verification/cloud system for code verification.