shmick/wiki
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
wiki/nginx_password.md

54 lines
2.0 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Securing Nginx pages with a password
description: Short guide on securing pages behind a reverse proxy with a web-server based password. Useful for containers without authentication support.
published: true
date: 2022-04-30T20:10:53.225Z
tags: config, nginx
editor: markdown
dateCreated: 2021-08-26T20:29:51.514Z
---
# Securing Nginx pages with a password
Hiding every site behind a secure password is quite easy with nginx.
> As it turns out, Nginx (and web servers in general) only support rather old hashing protocols.
While probably sufficient with SSL, **use other solutions, like builtins (or better yet, Authelia) where possible**.
And if you do use this method, **use a strong password!**
{.is-danger}
## Create authentication file
First, from the web servers directory (in our case, the `swag` containers directory, create an `.htpasswd` file with the user youd like to authenticate with, like so:
`sh -c "echo -n 'shmick:'" > /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`
> This command will overwrite any previous credentials in this file, if it exists.
{.is-warning}
## Generate and salt a password
You can use `openssl` to generate the password:
`sh -c "openssl passwd -apr1" >> /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`
This will prompt you to enter and confirm a password, and will output a hash into the `.htpasswd` file.
## Point webpage to authentication file
By default, sites wont reach for the file to authenticate. To point a site to authenticate using the file, youll need to add the following in their configuration:
```plaintext
location / {
# enable the next two lines for http auth
auth_basic "Restricted";
# ^ Message displayed in pop-up window
auth_basic_user_file /config/nginx/.htpasswd;
```
> You may need to restart nginx for the configuration to take effect.
{.is-info}
## All done!
Finally, you should see a pop up when you browse to the site:
![](/nginx_auth.png)
Example pop-up window
Reference in New Issue View Git Blame Copy Permalink