added basic auth tutorial (with svg haha)
This commit is contained in:
parent
f22f0fdc29
commit
a17754f641
|
@ -0,0 +1,131 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang=en>
|
||||
<head>
|
||||
<title>HTTP Basic Authentication</title>
|
||||
<meta charset="utf-8"/>
|
||||
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
|
||||
<link rel='stylesheet' type='text/css' href='style.css'>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel='alternate' type='application/rss+xml' title='Land Chad RSS' href='/rss.xml'>
|
||||
</head>
|
||||
<body>
|
||||
<header><h1>Access Control with HTTP Basic Auth</h1></header>
|
||||
<nav></nav>
|
||||
<main>
|
||||
<img src="pix/auth.svg" alt="access control with nginx"/>
|
||||
<p>HTTP basic authentication will allow you to secure parts (or all) of your website with a user name and password without the trouble of php or javascript.</p>
|
||||
|
||||
<h2>Installation</h2>
|
||||
<p>We will be using the command <code>htpasswd</code> to make username and password pairs.</p>
|
||||
<pre><code>apt install apache2-utils</code></pre>
|
||||
<aside>
|
||||
<p>The apache utils has a small username-password pair encryption tool.</p>
|
||||
<p>This tutorial is <strong>not</strong> for apache websites.</p>
|
||||
</aside>
|
||||
|
||||
<p>
|
||||
Now think of a username and password and remember them.
|
||||
</p>
|
||||
|
||||
<pre><code>htpasswd -c /etc/apache2/<strong>myusers</strong> <strong>username</strong></code></pre>
|
||||
<aside>
|
||||
<p>The <code>-c</code> flag creates a file. You can make the path of this file anywhere outside of your webroot.</p>
|
||||
<p>Obviously the username is up to you as well.</p>
|
||||
</aside>
|
||||
<p>
|
||||
Type out your password twice to confirm. You can do this as many times as you'd like.
|
||||
</p>
|
||||
<p>Check out user name password pairs:</p>
|
||||
<pre><code>cat /etc/apache2/<strong>myusers</strong></code></pre>
|
||||
|
||||
<h2>Nginx Config and Auth Basic</h2>
|
||||
<p>
|
||||
From here, we are going to edit our websites config file in <code>/etc/nginx/sites-enabled</code>.
|
||||
Have in mind which folder you'd like to secure. Add something like this:
|
||||
</p>
|
||||
|
||||
<pre><code>server {
|
||||
#...
|
||||
location /<strong>secret-folder </strong> {
|
||||
auth_basic "What's the Password?" ;
|
||||
auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
|
||||
}
|
||||
#...
|
||||
}</code></pre>
|
||||
<aside>
|
||||
<h4>Huh?</h4>
|
||||
<p>If you're stuck, try finding the line <code>location / {</code></p>
|
||||
<p>Below this block is where you should add the custom location block</p>
|
||||
</aside>
|
||||
|
||||
<p>If you'd like to do the opposite, such as making the entire site private except for a public section, do this:</p>
|
||||
<pre><code>server {
|
||||
#...
|
||||
auth_basic "What's the Password?" ;
|
||||
auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
|
||||
location /<strong>public</strong>/ {
|
||||
#...
|
||||
auth_basic off ;
|
||||
}
|
||||
#...
|
||||
}</code></pre>
|
||||
<h3>IP Addresses</h3>
|
||||
<p>If passwords aren't enough we can ban an ip or accept one.</p>
|
||||
<pre><code>location /api {
|
||||
#...
|
||||
allow 192.168.1.23:8080 ;
|
||||
deny 127.0.0.1 ;
|
||||
}</code></pre>
|
||||
<p>If you want to check both a username and password with an ip address, use the <code>satisfy</code> directive.</p>
|
||||
<pre><code>location /api {
|
||||
#...
|
||||
satify all ;
|
||||
|
||||
allow 192.168.1.23:8080 ;
|
||||
deny 127.0.0.1 ;
|
||||
|
||||
auth_basic "What's the Password?" ;
|
||||
auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
|
||||
}</code></pre>
|
||||
<h3>Complete Example</h3>
|
||||
<pre><code>http {
|
||||
server {
|
||||
listen 80;
|
||||
root /var/www/website ;
|
||||
|
||||
#...
|
||||
location /<strong>secret-folder</strong> {
|
||||
satisfy all ;
|
||||
|
||||
allow 192.168.1.3/24;
|
||||
deny 127.0.0.1 ;
|
||||
|
||||
auth_basic "What's the Password?" ;
|
||||
auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
|
||||
}
|
||||
}
|
||||
}</code></pre>
|
||||
|
||||
<p>
|
||||
Now check your configuration with <code>nginx -t</code>
|
||||
</p>
|
||||
|
||||
<p>Reload nginx and you're good to go!</p>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<strong>Contributor</strong> - <a href="https://tomfasano.xyz" target="_blank">tomfasano.xyz</a>
|
||||
|
||||
|
||||
</main>
|
||||
<footer><a href="https://landchad.net">LandChad.net</a></br>Because Everyone should be an Internet LandChad.</br><li><a href="index.html"><img src="pix/chad.gif" alt="chad"></a></li><li><a href="rss.xml"><img src="pix/rss.svg" alt="RSS"></a></li><li><a href="pix/btc.png"><img src="pix/btc.svg" alt="BTC"></a></li><li><a href="pix/xmr.png"><img src="pix/xmr.svg" alt="XMR"></a></li><li><a href="https://github.com/lukesmithxyz/landchad"><img src="pix/git.svg" alt="Github"></a></footer>
|
||||
</body>
|
||||
</html>
|
File diff suppressed because it is too large
Load Diff
After Width: | Height: | Size: 108 KiB |
Loading…
Reference in New Issue