added basic auth tutorial (with svg haha)

2021-06-30 20:25:11 -04:00 · 2021-06-30 20:25:11 -04:00 · a17754f641
parent f22f0fdc29
commit a17754f641
3 changed files with 1593 additions and 1 deletions
--- a/auth.html
+++ b/auth.html
@ -0,0 +1,131 @@
+<!DOCTYPE html>
+<html lang=en>
+    <head>
+        <title>HTTP Basic Authentication</title>
+        <meta charset="utf-8"/>
+        <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
+        <link rel='stylesheet' type='text/css' href='style.css'>
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <link rel='alternate' type='application/rss+xml' title='Land Chad RSS' href='/rss.xml'>
+    </head>
+<body>
+    <header><h1>Access Control with HTTP Basic Auth</h1></header>
+    <nav></nav>
+    <main>
+        <img src="pix/auth.svg" alt="access control with nginx"/>
+        <p>HTTP basic authentication will allow you to secure parts (or all) of your website with a user name and password without the trouble of php or javascript.</p>
+
+        <h2>Installation</h2>
+        <p>We will be using the command <code>htpasswd</code> to make username and password pairs.</p>
+        <pre><code>apt install apache2-utils</code></pre>
+        <aside>
+            <p>The apache utils has a small username-password pair encryption tool.</p>
+            <p>This tutorial is <strong>not</strong> for apache websites.</p>
+        </aside>
+
+        <p>
+        Now think of a username and password and remember them.
+        </p>
+
+        <pre><code>htpasswd -c /etc/apache2/<strong>myusers</strong> <strong>username</strong></code></pre>
+        <aside>
+            <p>The <code>-c</code> flag creates a file. You can make the path of this file anywhere outside of your webroot.</p>
+            <p>Obviously the username is up to you as well.</p>
+        </aside>
+        <p>
+        Type out your password twice to confirm. You can do this as many times as you'd like.
+        </p>
+        <p>Check out user name password pairs:</p>
+        <pre><code>cat /etc/apache2/<strong>myusers</strong></code></pre>
+
+        <h2>Nginx Config and Auth Basic</h2>
+        <p>
+        From here, we are going to edit our websites config file in <code>/etc/nginx/sites-enabled</code>.
+        Have in mind which folder you'd like to secure. Add something like this:
+        </p>
+
+        <pre><code>server {
+    #...
+    location /<strong>secret-folder </strong> {
+        auth_basic "What's the Password?" ;
+        auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
+    }
+    #...
+}</code></pre>
+        <aside>
+            <h4>Huh?</h4>
+            <p>If you're stuck, try finding the line <code>location / {</code></p>
+            <p>Below this block is where you should add the custom location block</p>
+        </aside>
+
+        <p>If you'd like to do the opposite, such as making the entire site private except for a public section, do this:</p>
+        <pre><code>server {
+    #...
+    auth_basic "What's the Password?" ;
+    auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
+    location /<strong>public</strong>/ {
+        #...
+        auth_basic off ;
+    }
+    #...
+}</code></pre>
+        <h3>IP Addresses</h3>
+        <p>If passwords aren't enough we can ban an ip or accept one.</p>
+        <pre><code>location /api {
+    #...
+    allow 192.168.1.23:8080 ;
+    deny 127.0.0.1 ;
+}</code></pre>
+        <p>If you want to check both a username and password with an ip address, use the <code>satisfy</code> directive.</p>
+        <pre><code>location /api {
+    #...
+    satify all ;
+
+    allow 192.168.1.23:8080 ;
+    deny 127.0.0.1 ;
+
+    auth_basic "What's the Password?" ;
+    auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
+}</code></pre>
+        <h3>Complete Example</h3>
+        <pre><code>http {
+    server {
+        listen 80;
+        root /var/www/website ;
+
+        #...
+        location /<strong>secret-folder</strong> {
+            satisfy all ;
+
+            allow 192.168.1.3/24;
+            deny 127.0.0.1 ;
+
+            auth_basic "What's the Password?" ;
+            auth_basic_user_file /etc/apache2/<strong>myusers</strong> ;
+        }
+    }
+}</code></pre>
+
+        <p>
+        Now check your configuration with <code>nginx -t</code>
+        </p>
+
+        <p>Reload nginx and you're good to go!</p>
+
+
+
+
+
+
+
+
+
+
+
+        <strong>Contributor</strong>  -  <a href="https://tomfasano.xyz" target="_blank">tomfasano.xyz</a>
+
+
+    </main>
+	<footer><a href="https://landchad.net">LandChad.net</a></br>Because Everyone should be an Internet LandChad.</br><li><a href="index.html"><img src="pix/chad.gif" alt="chad"></a></li><li><a href="rss.xml"><img src="pix/rss.svg" alt="RSS"></a></li><li><a href="pix/btc.png"><img src="pix/btc.svg" alt="BTC"></a></li><li><a href="pix/xmr.png"><img src="pix/xmr.svg" alt="XMR"></a></li><li><a href="https://github.com/lukesmithxyz/landchad"><img src="pix/git.svg" alt="Github"></a></footer>
+</body>
+</html>
--- a/pix/auth.svg
+++ b/pix/auth.svg
--- a/tor.html
+++ b/tor.html
@ -41,7 +41,7 @@
            HiddenServiceDir line.</p>
        </aside>

-        <p>Now restart tor</p>
+        <p>Now start and enable tor at boot</p>
        <pre><code> systemctl enable --now tor </code></pre>

        <p>If the next command outputs <q>active</q> in green you're golden!</p>