ben/diyhosting
ben
/
diyhosting
1
0
Fork 1
Code Issues 1 Pull Requests Projects Releases Wiki Activity
diyhosting/auth.html

119 lines
4.1 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang=en>
<head>
<title>Requiring Passwords for Webpages (HTTP Authentication) &ndash; diyhosting.bhh.sh</title>
<<!--# include file=".nav.html" -->
</head>
<body>
<header><h1>Requiring Passwords for Webpages</h1></header>
<nav></nav>
<main>
<img class=titleimg src="pix/auth.svg" alt="access control with nginx"/>
<p>HTTP basic authentication will allow you to secure parts (or all) of your website with a username and password without the trouble of PHP or Javascript.
This will work with any Nginx server.
</p>
<h2>Installation</h2>
<p>We will be using the command <code>htpasswd</code> to make username and password pairs.</p>
<pre><code>apt install apache2-utils</code></pre>
<aside>
<p>The apache utils include a small username-password pair encryption tool.</p>
<p>Like the other tutorials on this site, this tutorial is for Nginx, <strong>not</strong> for Apache servers.</p>
</aside>
<p>
Now think of a username and password and remember them.
</p>
<pre><code>htpasswd -c /etc/nginx/<strong>myusers</strong> <strong>username</strong></code></pre>
<aside>
<p>The <code>-c</code> flag creates a file. You can make the path of this file anywhere outside of your webroot.</p>
<p>Obviously the username is up to you as well.</p>
</aside>
<p>
Type out your password twice to confirm. You can do this as many times as you'd like.
</p>
<p>Check out user name password pairs (the password will be securely hashed):</p>
<pre><code>cat /etc/nginx/<strong>myusers</strong></code></pre>
<h2>Nginx Config and Auth Basic</h2>
<p>
From here, we are going to edit our websites config file in <code>/etc/nginx/sites-enabled</code>.
Have in mind which folder you'd like to secure. Add something like this:
</p>
<pre><code>server {
#...
location /<strong>secret-folder </strong> {
auth_basic "What's the Password?" ;
auth_basic_user_file /etc/nginx/<strong>myusers</strong> ;
}
#...
}</code></pre>
<aside>
<h4>Huh?</h4>
<p>If you're stuck, try finding the line <code>location / {</code></p>
<p>Just below this block is where you should add the custom location block</p>
</aside>
<p>If you'd like to do the opposite, such as making the entire site private except for a public section, do this:</p>
<pre><code>server {
#...
auth_basic "What's the Password?" ;
auth_basic_user_file /etc/nginx/<strong>myusers</strong> ;
location /<strong>public</strong>/ {
#...
auth_basic off ;
}
#...
}</code></pre>
<h3>IP Addresses</h3>
<p>If passwords aren't enough we can ban an ip or accept one.</p>
<pre><code>location /api {
#...
allow 192.168.1.23:8080 ;
deny 127.0.0.1 ;
}</code></pre>
<p>If you want to check both a username and password with an ip address, use the <code>satisfy</code> directive.</p>
<pre><code>location /api {
#...
satisfy all ;
allow 192.168.1.23:8080 ;
deny 127.0.0.1 ;
auth_basic "What's the Password?" ;
auth_basic_user_file /etc/nginx/<strong>myusers</strong> ;
}</code></pre>
<h3>Complete Example</h3>
<pre><code>http {
server {
listen 80;
root /var/www/website ;
#...
location /<strong>secret-folder</strong> {
satisfy all ;
allow 192.168.1.3/24;
deny 127.0.0.1 ;
auth_basic "What's the Password?" ;
auth_basic_user_file /etc/nginx/<strong>myusers</strong> ;
}
}
}</code></pre>
<p>
Now check your configuration with <code>nginx -t</code>
</p>
<p>Reload nginx and you're good to go!</p>
<strong>Contributor</strong> - <a href="https://tomfasano.co" target="_blank">tomfasano.co</a>
</main>
<!--# include file=".footer.html" -->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink