Welcome to Centmin Mod Community
Become a Member

Nginx How to properly password protect a directory or file?

Discussion in 'Centmin Mod Insights' started by rdan, Jun 25, 2014.

Tags:
  1. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    Like for example, I want to password protect /install/ directory and /admin.php.
    What command should I execute?
    Thanks

     
  2. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    Update FAQ item 43 outlines how to password protect directories and files. I'd use htpasswd.sh script I wrote myself mentioned further below instead of htpasswd.py.

    Same as outlined at Nginx and vBulletin Connect 5 Vhost and PHP-FPM - PHP Warning: require(): Unable to allocate memory for pool. Also official documentation Module ngx_http_auth_basic_module

    Use htpasswd.py script at /usr/local/nginx/conf/htpasswd.py to setup username and password using following command:

    Code:
    python /usr/local/nginx/conf/htpasswd.py -b /usr/local/nginx/conf/htpasswd yourusername yourpassword
    change /usr/local/nginx/conf/htpasswd filename and path for your unique filename and yourusername and yourpassword to unique values of your own

    or use the htpasswd.sh script i wrote in post 28 in this thread

    Code:
    wget -O /usr/local/nginx/conf/htpasswd.sh https://github.com/centminmod/centminmod/raw/123.09beta01/tools/htpasswd.sh
    chmod +x /usr/local/nginx/conf/htpasswd.sh
    Code:
    /usr/local/nginx/conf/htpasswd.sh
    
    /usr/local/nginx/conf/htpasswd.sh {create|append} /usr/local/nginx/conf/htpasswd user1 pass1
     
    Last edited: Oct 29, 2014
  3. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    I can run that command anywhere?
     
  4. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    So I can't create a separate username/password for admin.php and /install?
     
  5. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    If I understand correctly, If I want another set of account, all I have to do is change/create new passwd file?
    Like:
    Code:
     python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpasswd2 username password
     
  6. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    yeah can run the command anywhere and if you want separate user/pass files need to have different filenames from /usr/local/nginx/conf/htpasswd

    i.e.

    /usr/local/nginx/conf/htpasswd_install
    /usr/local/nginx/conf/htpasswd_admin
     
  7. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    I understand the concept now :)
    Thanks a lot!
    This is a problem when I have 3 other admins and both of us don't have static IP.
     
  8. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    This code doesn't work:
    Code:
    location /admin.php {
         auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
    
    Why?
     
  9. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
    
     
  10. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    It works, Thanks a lot!
    Wonder why /admin.php didn't work?
     
  11. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    because locations usually match directories not files with the way you had it before
     
  12. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    Wait I have set a password with number+letters like: 12345pass
    If I enter a password that just 12345 it accepts, why?
    Should be wrong password.
     
  13. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    No idea, that shouldn't really happen .. try it in private browser session with no session cookies etc
     
  14. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    Yes I already tried on other browser with zero data.
     
  15. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    Trying to change my password then.
     
  16. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    I already tried changing the password, still encountering the issue.
    I tried to use a password: thisdirprotected
    When I just input a password like thisdirprotecte (missing last letter d) still accepted :(
     
  17. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
    I tried with the htpasswd as well as htpasswd_admin_php file both do not accept incomplete missing characters for usernames but do for passwords !

    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            }
    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
     
  18. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    The only difference i got is I include staticfiles.conf.
     
  19. eva2000

    eva2000 Administrator Staff Member

    48,515
    11,114
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,304
    Local Time:
    10:24 PM
    Nginx 1.21.x
    MariaDB 10.x
  20. rdan

    rdan Premium Member Premium Member

    5,235
    1,307
    113
    May 25, 2014
    Ratings:
    +2,012
    Local Time:
    8:24 PM
    Mainline
    10.2
    Wait, I don't have problems on /admin.php
    But on /install/, here's my code:
    Code:
    location /install/ {
        index index.php index.html index.htm;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_install;
            }