---
title: "Requiring Passwords for Webpages (HTTP Authentication)"
date: 2020-07-01
img: 'auth.svg'
tags: ['server']
---

HTTP basic authentication lets you secure parts (or all) of
your website with a username and password without the trouble of PHP or
JavaScript. This will work with any Nginx server. Basic authentication
sends the credentials base64-encoded, not encrypted, with every request,
so serve the protected locations over HTTPS.

## Installation

We will be using the command `htpasswd` to make username and password
pairs.

```sh
apt install apache2-utils
```

The Apache utilities include `htpasswd`, a small tool that hashes the
passwords for username-password pairs.
Like the other tutorials on this site, this tutorial is for Nginx,
**not** for Apache servers.

Now think of a username and password and remember them.

```sh
htpasswd -c /etc/nginx/myusers username
```

The `-c` flag creates the file, overwriting it if it already exists. You
can put this file anywhere outside of your webroot.
Obviously the username is up to you as well.

Type out your password twice to confirm. You can do this as many times
as you'd like to add more users, but leave out `-c` after the first run
so the existing entries are kept.

Check your username and password pairs (the password will be securely
hashed):

```sh
cat /etc/nginx/myusers
```

## Nginx Config and Auth Basic

From here, we are going to edit our website's config file in
`/etc/nginx/sites-enabled`. Have in mind which folder you'd like to
secure. Add something like this:

```nginx
server {
    #...
    location /secret-folder {
        auth_basic "What's the Password?";
        auth_basic_user_file /etc/nginx/myusers;
    }
    #...
}
```

#### Huh?

If you're stuck, try finding the line `location / {`.
Just below this block is where you should add the custom location block.

If you'd like to do the opposite, such as making the entire site
private except for a public section, do this:

```nginx
server {
    #...
    auth_basic "What's the Password?";
    auth_basic_user_file /etc/nginx/myusers;
    location /public/ {
        #...
        auth_basic off;
    }
    #...
}
```
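
### IP Addresses

If passwords aren't enough, we can ban an IP address or accept one.

```nginx
location /api {
    #...
    # Rules are checked in order and the first match wins. `allow` and
    # `deny` take an address or CIDR range, not a port.
    allow 192.168.1.23;
    deny 127.0.0.1;
    # An address matching no rule is allowed; end with `deny all;` to
    # admit only the addresses allowed above.
}
```
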
If you want to check both a username and password and an IP address,
use the `satisfy` directive.

```nginx
location /api {
    #...
    satisfy all;
    # `allow` and `deny` take an address or CIDR range, not a port.
    allow 192.168.1.23;
    deny 127.0.0.1;
    auth_basic "What's the Password?";
    auth_basic_user_file /etc/nginx/myusers;
}
```
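
How `satisfy all` combines the `allow`/`deny` rules with the password check, as a simplified Python model added here (not code from the original page or from Nginx). It assumes the documented first-match rule order and that an address matching no rule passes the IP check; the names `ip_verdict` and `decide` are hypothetical, and the model also covers `satisfy any`, which the page does not use.

```python
import ipaddress

# Rules from the `location /api` block above (constructed for this example,
# written without a port), then the same rules closed with `deny all`.
PAGE_RULES = [("allow", "192.168.1.23"), ("deny", "127.0.0.1")]
STRICT_RULES = PAGE_RULES + [("deny", "all")]


def ip_verdict(rules, client):
    """Return the action of the first matching rule, or None if none match."""
    addr = ipaddress.ip_address(client)
    for action, spec in rules:
        if spec == "all" or addr in ipaddress.ip_network(spec, strict=False):
            return action
    return None


def decide(rules, satisfy, client, password_ok):
    """Predict the HTTP status for one request (simplified model)."""
    verdict = ip_verdict(rules, client)
    if satisfy == "all":
        if verdict == "deny":
            return 403          # IP check fails before the password matters
        return 200 if password_ok else 401
    # satisfy any: an explicit allow OR a valid password is enough
    return 200 if verdict == "allow" or password_ok else 401


if __name__ == "__main__":
    outsider = "203.0.113.7"    # documentation-range address, constructed
    for name, rules in (("page rules", PAGE_RULES), ("+ deny all", STRICT_RULES)):
        for client in ("192.168.1.23", "127.0.0.1", outsider):
            for pw in (True, False):
                print(name, client, "password_ok=%s" % pw,
                      decide(rules, "all", client, pw))
```

With the page's two rules, an outside address such as 203.0.113.7 still gets in with a valid password; adding `deny all;` as the last rule limits access to the listed address.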

### Complete Example

```nginx
http {
    server {
        listen 80;
        root /var/www/website;
        #...
        location /secret-folder {
            satisfy all;
            # Network address of the /24; Nginx warns about host bits
            # set in a CIDR range.
            allow 192.168.1.0/24;
            deny 127.0.0.1;
            auth_basic "What's the Password?";
            auth_basic_user_file /etc/nginx/myusers;
        }
    }
}
```

Now check your configuration with `nginx -t`.

Reload Nginx and you're good to go!