Learn about Centmin Mod LEMP Stack today
Register Now

Nginx How to properly password protect a directory or file?

Discussion in 'Centmin Mod Insights' started by rdan, Jun 25, 2014.

Tags:
  1. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    Like for example, I want to password protect /install/ directory and /admin.php.
    What command should I execute?
    Thanks

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Update FAQ item 43 outlines how to password protect directories and files. I'd use htpasswd.sh script I wrote myself mentioned further below instead of htpasswd.py.

    Same as outlined at Nginx and vBulletin Connect 5 Vhost and PHP-FPM - PHP Warning: require(): Unable to allocate memory for pool. Also official documentation Module ngx_http_auth_basic_module

    Use htpasswd.py script at /usr/local/nginx/conf/htpasswd.py to setup username and password using following command:

    Code:
    python /usr/local/nginx/conf/htpasswd.py -b /usr/local/nginx/conf/htpasswd yourusername yourpassword
    change /usr/local/nginx/conf/htpasswd filename and path for your unique filename and yourusername and yourpassword to unique values of your own

    or use the htpasswd.sh script i wrote in post 28 in this thread

    Code:
    wget -O /usr/local/nginx/conf/htpasswd.sh https://github.com/centminmod/centminmod/raw/123.09beta01/tools/htpasswd.sh
    chmod +x /usr/local/nginx/conf/htpasswd.sh
    Code:
    /usr/local/nginx/conf/htpasswd.sh
    
    /usr/local/nginx/conf/htpasswd.sh {create|append} /usr/local/nginx/conf/htpasswd user1 pass1
     
    Last edited: Oct 29, 2014
  3. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    I can run that command anywhere?
     
  4. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    So I can't create a separate username/password for admin.php and /install?
     
  5. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    If I understand correctly, If I want another set of account, all I have to do is change/create new passwd file?
    Like:
    Code:
     python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpasswd2 username password
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah can run the command anywhere and if you want separate user/pass files need to have different filenames from /usr/local/nginx/conf/htpasswd

    i.e.

    /usr/local/nginx/conf/htpasswd_install
    /usr/local/nginx/conf/htpasswd_admin
     
  7. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    I understand the concept now :)
    Thanks a lot!
    This is a problem when I have 3 other admins and both of us don't have static IP.
     
  8. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    This code doesn't work:
    Code:
    location /admin.php {
         auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
    
    Why?
     
  9. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
    
     
  10. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    It works, Thanks a lot!
    Wonder why /admin.php didn't work?
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    because locations usually match directories not files with the way you had it before
     
  12. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    Wait I have set a password with number+letters like: 12345pass
    If I enter a password that just 12345 it accepts, why?
    Should be wrong password.
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    No idea, that shouldn't really happen .. try it in private browser session with no session cookies etc
     
  14. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    Yes I already tried on other browser with zero data.
     
  15. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    Trying to change my password then.
     
  16. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    I already tried changing the password, still encountering the issue.
    I tried to use a password: thisdirprotected
    When I just input a password like thisdirprotecte (missing last letter d) still accepted :(
     
  17. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I tried with the htpasswd as well as htpasswd_admin_php file both do not accept incomplete missing characters for usernames but do for passwords !

    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            }
    Code:
      location ~ ^/(admin.php) {
         include /usr/local/nginx/conf/php.conf;
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            }
     
  18. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    The only difference i got is I include staticfiles.conf.
     
  19. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  20. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    6:28 PM
    Mainline
    10.2
    Wait, I don't have problems on /admin.php
    But on /install/, here's my code:
    Code:
    location /install/ {
        index index.php index.html index.htm;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_install;
            }