Je bekijkt nu Nginx directory protection

Nginx directory protection

Note to self

remember next time!

Let’s say you have a php web application like adminer. – The alternative to mysqladmin recommended for beginner students. And you have a web hosting panel like cloudpanelalternative to cpanel and directadmin, built on nginxthe alternative to the apache webserver gaining popularity in the cloud era. How are we going to configure an htaccess-like trick:

  • a file containing a user – (crypted) password combination
  • this user is required to login in to a specific directory
  • set up nginx to get this done

Install apache2-utils

Running debian, it goes:

apt install   apache2-utils

Create the passwordfile

root@server:/usr/share/nginx# htpasswd -b -c .adminer demo123 pass456
Adding password for user demo123
root@server:/usr/share/nginx# cat .adminer

You might add a column to this file containing a remark

demo123:$apr1$IK03eNbD$yt2.VCuVAVB.pUWd9BRAo.: Do not use this ridiculous password

Set up the password file in the nginx config

In Cloudpanel, go to the domain in question, open the Vhost tab. Edit the vhost file .adminer adding this code:

location ^~ /adminer/ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS $fastcgi_https;
auth_basic "For Me Only";
auth_basic_user_file /usr/share/nginx/.adminer;