
Nginx How to properly password protect a directory or file?

Discussion in 'Centmin Mod Insights' started by RoldanLT, Jun 25, 2014.

  1. Jimmy

    Jimmy Premium Member Premium Member

    1,147
    253
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +616
    Local Time:
    8:32 PM
    1.13.x
    MariaDB 10.1.x
    Ok. Not sure what is going on on my end. I think it's best to step away from my computer, eat, and come back and try this later.

    I appreciate you taking the time to check it out. I know you're busy. :)
     
  2. Jimmy

    That's the problem. I was entering the encrypted form. I didn't realize those were encrypted. :mask:
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,632
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,308
    Local Time:
    11:32 AM
    Nginx 1.13.x
    MariaDB 5.5
    haha encrypted form is just for nginx to read :)
     
  4. Jimmy

    What a pisser it is to have the password for / and the memcached / opcache pages with passwords. For some reason I can't get into those info pages when I have a password set in the virtual.conf on /.

    When I omit this:
    Code:
        location ~ ^/ {
            auth_basic "Private";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd_virtual;
            include /usr/local/nginx/conf/php.conf;
        }
    I have no problem getting into the memcached / opcache pages when I don't set a password for /. I also have no problem getting into the main directory when I have a password set. I know all the passwords work. But when the passwords are stacked (/ password) + (memcached password) I can't get in.
     
  5. eva2000

    what does the vhost look like when you try? both memcached and opcache stats pages are already default password protected anyway - i made sure to do it that way in case folks forget to password protect it themselves.
     
  6. Jimmy

    Below is the vhost for my virtual.conf. The password works on the server.mydomain.com; it's when I hit one of those pages under that I'm having the issue: server.mydomain.com/memcached_83838383.php - here I can never get past the double password request.

    Code:
    server {
        listen 80 default_server backlog=2048 reuseport fastopen=256;
        server_name server1.zeronug.com;
        root   html;
    
        access_log              /var/log/nginx/localhost.access.log     main_ext buffer=256k flush=5m;
        error_log               /var/log/nginx/localhost.error.log      error;
    
        location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
        }
    
        location ~ ^/ {
            auth_basic "Private";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd_virtual;
            include /usr/local/nginx/conf/php.conf;
        }
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/include_opcache.conf;
        include /usr/local/nginx/conf/php.conf;
        #include /usr/local/nginx/conf/phpstatus.conf;
        include /usr/local/nginx/conf/drop.conf;
        #include /usr/local/nginx/conf/errorpage.conf;
        #include /usr/local/nginx/conf/vts_mainserver.conf;
    }
     
  7. eva2000

    Oh it's double password because memcached and opcache php files have natively embedded password protection I added myself ;) Which means even if you do not have any web server level password protection, if you tried to access those specific php pages, you will get a password prompt - you can edit those files to change the randomly generated password I added.
     
  8. Jimmy

    Yea, I realize that the memcached and opcache have their own passwords which are set in the files. Those work fine if I don't have password protection in my vhost. If I add password protection to the base site (see my vhost example), I have to go through two password requests to get to those pages:
    • host.mydomain.com html site password (I set).
    • memcached or opcache password

    The issue is that I can't get through both password prompts on those pages even though I know both u and p are working. It's not really a big deal, I can remove the password from the base site. But I wanted to secure the .html file.
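
Added example (not part of any post in this thread, and not Centmin Mod code): a small model of the two stacked prompts, assuming the PHP stats pages use HTTP Basic auth like nginx's `auth_basic` does, which is what a browser password prompt implies. A request carries a single `Authorization` header, so both layers judge the same credentials; the account names, passwords and the "Stats Login" realm are constructed.

```python
import base64
import hmac

def basic_header(user, password):
    """Authorization header value a browser sends after a Basic prompt."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password), or None if the header is absent or malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # a password may contain ':'
    return (user, password) if sep else None

def check_layer(header, realm, accounts):
    """One Basic-auth layer: None if the credentials pass, else a 401 challenge."""
    creds = parse_basic(header)
    if creds:
        expected = accounts.get(creds[0])
        if expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode()):
            return None
    return (401, f'Basic realm="{realm}"')

# Constructed accounts and realm names (assumptions, not values from the thread).
NGINX_USERS = {"siteuser": "site-pass"}    # stands in for htpasswd_virtual
PHP_USERS = {"statsadmin": "stats-pass"}   # stands in for the password set in the PHP file

def request(header, nginx_users=NGINX_USERS, php_users=PHP_USERS):
    """nginx checks the header first, then forwards the same header to PHP."""
    for realm, accounts in (("Private", nginx_users), ("Stats Login", php_users)):
        challenge = check_layer(header, realm, accounts)
        if challenge:
            return challenge
    return (200, "stats page")

if __name__ == "__main__":
    print(request(basic_header("siteuser", "site-pass")))     # PHP layer challenges
    print(request(basic_header("statsadmin", "stats-pass")))  # nginx layer challenges
```

Neither set of credentials clears both layers, so each prompt undoes the other. The request only succeeds when the same account exists in both places, or when those pages are exempted from the nginx layer with `auth_basic off;` in a more specific location so that the PHP check alone guards them.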
     
  9. eva2000

  10. Jimmy

    It should've been site and not file. Wasn't looking to only protect that file... but that might be an option.
     
  11. Jimmy

    @eva2000

    Just tried to create a new password file and got an error:
    Code:
    # /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q 'gx/.[N3:TS_3{m6.'
    # touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory
    
     
  12. eva2000

    it's the password characters interfering .. try without some of the punctuation which shell/bash would parse on SSH command line.

    use Strong Password Generator to generate a password avoiding programming punctuation

     
  13. Jimmy

    Code:
    # /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q 'RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4'
    touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory
    
     
  14. Jimmy

    Removed ' ' and still error

    Code:
    # /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
    touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory
    
     
  15. eva2000

    what's output for running script in debug mode
    Code (Text):
    bash -x /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
    
     
  16. Jimmy

    Code:
    # bash -x /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
    ++ date +%d%m%y-%H%M%S
    + DT=041017-204652
    + file=/user/local/nginx/conf/htpasswd_bct_main
    + user=cu4w991q
    + pass=RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
    + case "$1" in
    + touch /user/local/nginx/conf/htpasswd_bct_main
    touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory
    + genpassc
    + [[ -f /user/local/nginx/conf/htpasswd_bct_main ]]
    
     
  17. eva2000

    ah found ya problem 'user' vs 'usr' in /user/local/nginx/conf/htpasswd_bct_main ;)
     
  18. Jimmy

    Was that changed? Looking over this thread, usr was used. In my docs, usr was also used. I've created passwords before using my doc.
     
  19. Jimmy

    Still get an error.

    Code:
    # /user/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
    -bash: /user/local/nginx/conf/htpasswd.sh: No such file or directory
    
     
  20. eva2000

    you're still using incorrect /user instead of /usr