Best way to protect an http service with nginx (possibly encryption?)

Hi – I’m an nginx newbie who is looking to maybe use nginx to provide
security for an HTTP service that previously ran in a trusted
but that now needs to run on the open web.
I was thinking of having nginx listen on an arbitrary port, authenticate
requests to the service on that port, then proxy them on to the service.
I guess my first question is – is this a correct use of nginx? My
so far suggests that it is.
And my second question is – what is the best way to achieve this?
I thought maybe encrypting a username and password as part of the
(in a cookie?) and using agentzh might be an approach, but I am rather
of my depth, and would really appreciate any tips or references to docs
that might help we work it all out.
Or if anyone’s read a good book that covers this, that would be a very
appreciated recommendation! :slight_smile:
Thanks very much,