2.0 KiB
title, description, published, date, tags, editor, dateCreated
| title | description | published | date | tags | editor | dateCreated |
|---|---|---|---|---|---|---|
| Securing Nginx pages with a password | Short guide on securing pages behind a reverse proxy with a web-server based password. Useful for containers without authentication support. | true | 2022-04-30T20:10:53.225Z | config, nginx | markdown | 2021-08-26T20:29:51.514Z |
Securing Nginx pages with a password
Hiding every site behind a secure password is quite easy with nginx.
As it turns out, Nginx (and web servers in general) only support rather old hashing protocols. While probably sufficient with SSL, use other solutions, like builtins (or better yet, Authelia) where possible. And if you do use this method, use a strong password! {.is-danger}
Create authentication file
First, from the web server’s directory (in our case, the swag container’s directory, create an .htpasswd file with the user you’d like to authenticate with, like so:
sh -c "echo -n 'shmick:'" > /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd
This command will overwrite any previous credentials in this file, if it exists. {.is-warning}
Generate and salt a password
You can use openssl to generate the password:
sh -c "openssl passwd -apr1" >> /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd
This will prompt you to enter and confirm a password, and will output a hash into the .htpasswd file.
Point webpage to authentication file
By default, sites won’t reach for the file to authenticate. To point a site to authenticate using the file, you’ll need to add the following in their configuration:
location / {
# enable the next two lines for http auth
auth_basic "Restricted";
# ^ Message displayed in pop-up window
auth_basic_user_file /config/nginx/.htpasswd;
You may need to restart nginx for the configuration to take effect. {.is-info}
All done!
Finally, you should see a pop up when you browse to the site:
Example pop-up window