shmick/wiki
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

docs: add all untracked content

Browse Source
This commit is contained in:
Matan Horovitz
2022-04-30 23:14:42 +03:00
parent c32feec22b
commit c83b847568
24 changed files with 1314 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
nginx_password.md Normal file
View File

@@ -0,0 +1,54 @@
---
title: Securing Nginx pages with a password
description: Short guide on securing pages behind a reverse proxy with a web-server based password. Useful for containers without authentication support.
published: true
date: 2022-04-30T20:10:53.225Z
tags: config, nginx
editor: markdown
dateCreated: 2021-08-26T20:29:51.514Z
---
# Securing Nginx pages with a password
Hiding every site behind a secure password is quite easy with nginx.
> As it turns out, Nginx (and web servers in general) only support rather old hashing protocols.
While probably sufficient with SSL, **use other solutions, like builtins (or better yet, Authelia) where possible**.
And if you do use this method, **use a strong password!**
{.is-danger}
## Create authentication file
First, from the web servers directory (in our case, the `swag` containers directory, create an `.htpasswd` file with the user youd like to authenticate with, like so:
`sh -c "echo -n 'shmick:'" > /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`
> This command will overwrite any previous credentials in this file, if it exists.
{.is-warning}
## Generate and salt a password
You can use `openssl` to generate the password:
`sh -c "openssl passwd -apr1" >> /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`
This will prompt you to enter and confirm a password, and will output a hash into the `.htpasswd` file.
## Point webpage to authentication file
By default, sites wont reach for the file to authenticate. To point a site to authenticate using the file, youll need to add the following in their configuration:
```plaintext
location / {
# enable the next two lines for http auth
auth_basic "Restricted";
# ^ Message displayed in pop-up window
auth_basic_user_file /config/nginx/.htpasswd;
```
> You may need to restart nginx for the configuration to take effect.
{.is-info}
## All done!
Finally, you should see a pop up when you browse to the site:
![](/nginx_auth.png)
Example pop-up window