Securing an Unsecured app with opensource tools

Sometimes we want/need to use web applications that we can not trust.
Whether this is due to not wanting to open up the application to all the evils of the internet or because we do not trust or can not use the authentication methods it has.

We can securely host this application with a combination of open source software.
I will go over a combination of OpenId Connect, Drupal, Openresty and an insecure app to showcase how we can do this and what advantages it offers.