/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx How to properly password protect a directory or file?

Discussion in 'Centmin Mod Insights' started by rdan, Jun 25, 2014.

Tags:
Previous Thread Next Thread
Loading...
Page 1 of 5
  1. Jun 25, 2014 #1
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    Like for example, I want to password protect /install/ directory and /admin.php.
    What command should I execute?
    Thanks
     
  2. Jun 25, 2014 #2
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Update FAQ item 43 outlines how to password protect directories and files. I'd use htpasswd.sh script I wrote myself mentioned further below instead of htpasswd.py.

    Same as outlined at Nginx and vBulletin Connect 5 Vhost and PHP-FPM - PHP Warning: require(): Unable to allocate memory for pool. Also official documentation Module ngx_http_auth_basic_module

    Use htpasswd.py script at /usr/local/nginx/conf/htpasswd.py to setup username and password using following command:

    Code:
    python /usr/local/nginx/conf/htpasswd.py -b /usr/local/nginx/conf/htpasswd yourusername yourpassword
    change /usr/local/nginx/conf/htpasswd filename and path for your unique filename and yourusername and yourpassword to unique values of your own

    or use the htpasswd.sh script i wrote in post 28 in this thread

    Code:
    wget -O /usr/local/nginx/conf/htpasswd.sh https://github.com/centminmod/centminmod/raw/123.09beta01/tools/htpasswd.sh
chmod +x /usr/local/nginx/conf/htpasswd.sh
    Code:
    /usr/local/nginx/conf/htpasswd.sh

/usr/local/nginx/conf/htpasswd.sh {create|append} /usr/local/nginx/conf/htpasswd user1 pass1
     
    Last edited: Oct 29, 2014
  3. Jun 25, 2014 #3
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    I can run that command anywhere?
     
  4. Jun 25, 2014 #4
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    So I can't create a separate username/password for admin.php and /install?
     
  5. Jun 25, 2014 #5
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    If I understand correctly, If I want another set of account, all I have to do is change/create new passwd file?
    Like:
    Code:
     python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpasswd2 username password
     
  6. Jun 25, 2014 #6
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    yeah can run the command anywhere and if you want separate user/pass files need to have different filenames from /usr/local/nginx/conf/htpasswd

    i.e.

    /usr/local/nginx/conf/htpasswd_install
    /usr/local/nginx/conf/htpasswd_admin
     
  7. Jun 25, 2014 #7
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    I understand the concept now :)
    Thanks a lot!
    This is a problem when I have 3 other admins and both of us don't have static IP.
     
  8. Jun 25, 2014 #8
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    This code doesn't work:
    Code:
    location /admin.php {
     auth_basic "Private";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        }
    Why?
     
  9. Jun 25, 2014 #9
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Code:
      location ~ ^/(admin.php) {
     include /usr/local/nginx/conf/php.conf;
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        }
     
  10. Jun 25, 2014 #10
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    It works, Thanks a lot!
    Wonder why /admin.php didn't work?
     
  11. Jun 25, 2014 #11
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    because locations usually match directories not files with the way you had it before
     
  12. Jun 25, 2014 #12
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    Wait I have set a password with number+letters like: 12345pass
    If I enter a password that just 12345 it accepts, why?
    Should be wrong password.
     
  13. Jun 25, 2014 #13
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    No idea, that shouldn't really happen .. try it in private browser session with no session cookies etc
     
  14. Jun 25, 2014 #14
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    Yes I already tried on other browser with zero data.
     
  15. Jun 25, 2014 #15
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    Trying to change my password then.
     
  16. Jun 25, 2014 #16
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    I already tried changing the password, still encountering the issue.
    I tried to use a password: thisdirprotected
    When I just input a password like thisdirprotecte (missing last letter d) still accepted :(
     
  17. Jun 25, 2014 #17
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    I tried with the htpasswd as well as htpasswd_admin_php file both do not accept incomplete missing characters for usernames but do for passwords !

    Code:
      location ~ ^/(admin.php) {
     include /usr/local/nginx/conf/php.conf;
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        }
    Code:
      location ~ ^/(admin.php) {
     include /usr/local/nginx/conf/php.conf;
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        }
     
  18. Jun 25, 2014 #18
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    The only difference i got is I include staticfiles.conf.
     
  19. Jun 25, 2014 #19
    eva2000

    eva2000 Administrator Staff Member

    45,220
    10,284
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,939
    Local Time:
    6:37 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  20. Jun 25, 2014 #20
    rdan

    rdan Well-Known Member

    4,983
    1,185
    113
    May 25, 2014
    Ratings:
    +1,804
    Local Time:
    4:37 AM
    Mainline
    10.2
    Wait, I don't have problems on /admin.php
    But on /install/, here's my code:
    Code:
    location /install/ {
    index index.php index.html index.htm;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    auth_basic "Private";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd_install;
        }
     
Previous Thread Next Thread
Loading...
Page 1 of 5

.