Nginx How to properly password protect a directory or file?

Ok. Not sure what is going on on my end. I think it's best to step away from my computer, eat, and come back and try this later.

---

I appreciate you taking the time to check it out. I know your busy.

 

That's the problem. I was entering the encrypted form. I didn't realize those were encrypted.

 

What a pisser it is to have the password for / and the memcached / opcache pages with passwords. For some reason I can't get into those info pages when I have a password set in the virtual.conf on /.

When I omit this:

Code:

    location ~ ^/ {
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_virtual;
        include /usr/local/nginx/conf/php.conf;
    }

I have no problem getting into the memcached / opcache pages when I don't set a password for /. I also have no problem getting into the main directory when I have a password set. I know all the passwords work. But when the passwords are stacked (/ password) + (memcached password) I can't get in.

 

Below is the vhost for my virtual.conf. The password works on the server.mydomain.com it's when I hit one of those pages under that I'm having the issue: server.mydomain.com/memcached_83838383.php - here I can never get pass the double password request.

Code:

server {
    listen 80 default_server backlog=2048 reuseport fastopen=256;
    server_name server1.zeronug.com;
    root   html;

    access_log              /var/log/nginx/localhost.access.log     main_ext buffer=256k flush=5m;
    error_log               /var/log/nginx/localhost.error.log      error;

    location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        deny all;
    }

    location ~ ^/ {
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_virtual;
        include /usr/local/nginx/conf/php.conf;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
}

 

Yea, I realize that the memcached and opcache has their own passwords which are set in the files. Those work fine if I don't have password protection in my vhost. If I add password protection to the base site (see my vhost example), I have to go through two password requests to get to those pages:

• host.mydomain.com html site password (I set).
• memcached or opcache password

The issue that I can't get through both passwords prompts on those pages even though I know both u and p are working. It's not really a big deal, I can remove the password from the base site. But I wanted to secure the .html file.

 

It should've been site and not file. Wasn't looking to only protect that file... but that might be an option.

 

@eva2000

Just tired to create a new password file and got an error:

Code:

# /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q 'gx/.[N3:TS_3{m6.'
# touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory

 

Code:

# /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q 'RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4'
touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory

 

Removed ' ' and still error

Code:

# /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory

 

Code:

# bash -x /usr/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
++ date +%d%m%y-%H%M%S
+ DT=041017-204652
+ file=/user/local/nginx/conf/htpasswd_bct_main
+ user=cu4w991q
+ pass=RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
+ case "$1" in
+ touch /user/local/nginx/conf/htpasswd_bct_main
touch: cannot touch ‘/user/local/nginx/conf/htpasswd_bct_main’: No such file or directory
+ genpassc
+ [[ -f /user/local/nginx/conf/htpasswd_bct_main ]]

 

Was that changed? Looking over this thread, usr was used. In my docs, usr was also used. I've created passwords before using my doc.

 

Still get an error.

Code:

# /user/local/nginx/conf/htpasswd.sh create /user/local/nginx/conf/htpasswd_bct_main cu4w991q RmfLBHuR656nvoZ97F2s84ZDYaYbYAiyysTngK8EmXF4Dto4
-bash: /user/local/nginx/conf/htpasswd.sh: No such file or directory