Basic Authentication with Nginx

Basic Authentication with Nginx

Basic authentication provides an easy way to password protect an endpoint on our server. Today we will see how we can create a password file and use it to enable basic authentication on Nginx.

  1. Create a password
  2. Enable basic authentication
  3. Reuse configuration

If you haven’t seen Nginx before, you can have a look at my previous blog post on Getting started with Nginx

1. Create a password

To create a password, we will use the apache2-utils tool called htpasswd.

sudo apt-get update
sudo apt-get install apache2-utils

htpasswd allows use to create passwords encrypted stored in a file

sudo htpasswd -c /etc/myapp/.htpasswd user1

-c is used to create the file. If we want to add other users we can omit the parameter.

sudo htpasswd /etc/myapp/.htpasswd user2

Now if we navigate to /etc/myapp/ we will be able to find our .htpasswd file containing encrypted passwords together with usernames.

2. Enable basic authentication

Enabling basic authentication can be achieved by using the auth_basic and auth_basic_user_file directives.

location /test {
    auth_basic "Administrator's Area";
    auth_basic_user_file /etc/myapp/.htpasswd;
}

The auth_basic defines the realm where the basic auth operates. Now when we navigate to the location, we should be prompted with the basic auth dialog box.

To add another layer of security, we can use allow x.x.x.x and deny x.x.x.x to restrict access to only certain ip addresses where x.x.x.x being the ip address targeted. We can also target a range by specifying a mask x.x.x.x/x.

satisfy all
allow x.x.x.x;
deny all;

auth_basic "Administrator's Area";
auth_basic_user_file /etc/myapp/.htpasswd;

3. Reuse configuration

In order to reuse the configuration we can extract it and put it in a auth_basic file and ip_access file under /etc/nginx/conf.d.

We would create /etc/nginx/conf.d/basic_auth:

auth_basic "Administrator's Area";
auth_basic_user_file /etc/myapp/.htpasswd;

And under /etc/nginx/conf.d/ip_access:

allow x.x.x.x;
deny all;

And we would use it with the include directive:

location /test {
    include conf.d/basic_auth;
    include conf.d/ip_access;
}

This allows us to reuse the configuration in different location and also different site files. And this concludes today’s post for basic authentication with Nginx!

Conclusion

Today we saw how to enable basic authentication for nginx using htpasswd. We saw how to configure the basic auth using the auth_basic and auth_basic_user_file directives and saw how to restrict access by IP to add a second layer of security. Lastly we saw how we could move the configuration to separate reusable configuration files which can be reused using the include directive. Hope you liked this post, see you next time!

Comments

Post a Comment

Popular posts from this blog

A complete SignalR with ASP Net Core example with WSS, Authentication, Nginx

SignalR with ASP Net Core SignalR is a framework from ASP NET Core allowing us to establish a two way communication between client and server. This two way communication allows the client to send messages to the server but more importantly allows the server to push messages to the client. SignalR makes use of Websocket when available else it falls back to SSE or pulling. Today we will focus on how to setup SignalR to work with WSS, Websocket secure and how we can authenticate the user requesting to connect to our SignalR hub via Webscoket. Getting started with SignalR SSL encryption for Websocket Secure WSS Websocket Authentication with Identity Server 4 SignalR behind Nginx 1. Getting started with SignalR The Hubs are the main components of SignalR. It is an abstraction of a two way communication available for both client and server. Public functions from the hub can be called from the server code and can be called from the client. The frontend NPM package @aspnet/signalr
Keep reading

Microsoft Orleans logs warnings and errors

Microsoft Orleans logs warnings and errors Microsoft Orleans is a framework which helps building distributed system by implementing the actor model together with the concept of virtual actors, taking care of availability and concurrency. If you are unfamiliar with Microsoft Orleans, you can look at my previous blog post explaining the benefits of Microsoft Orleans . Even though Orleans promises to abstract the distributed system problems, there are instances where errors arise without us being able to understand what is going on. Lucky us, the logs are well documented… but only for those who can decrypt them. Today I will go through some of the errors and warnings which can be seen from silo and client so that you too can undestand what is going on. Enjoy! The code used to produce those errors can be found on my GitHub https://github.com/Kimserey/orleans-cluster-consul . 1. Client logs Logs on client appears with address {ip}:0 . 1.1. Can’t find implementation of interface An un
Keep reading

One way to structure Web App built in F# and WebSharper

Image
Architecture for Web App built in F# and WebSharper F# + WebSharper is an awesome combination to build web application . The only problem is that if you want to build a web app larger than a to-do list, it’s hard to find examples to use as references. It is even harder to find tutorials that touches on overall design and answer questions like: How should I start? Where should I put the code? How should I separate the code, put it in different files, with different namespaces or modules? How many layers? Asking these questions at the beginning of the development is important. All these questions if answered correctly will lead to a good structure for the application. Answered incorrectly, or not even asked, will most likely lead to unmaintainable/fragile/rigid (or whatever bad adjectives for coding) code. Over the last few months, I have been working on a web app built in F# with WebSharper and came out with an architecture that caters to extensions and decoupling. Today, I wil
Keep reading