{"id":170,"date":"2023-04-05T17:47:29","date_gmt":"2023-04-05T15:47:29","guid":{"rendered":"https:\/\/gilbert.busana.lu\/?p=170"},"modified":"2023-04-29T23:44:17","modified_gmt":"2023-04-29T21:44:17","slug":"nginx-http-basic-authentication","status":"publish","type":"post","link":"https:\/\/www.homeserver.lu\/?p=170","title":{"rendered":"NGINX: HTTP basic authentication"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The <em>ngx_http_auth_basic_module<\/em> module allows limiting access to resources by validating the user name and password using the \u201cHTTP Basic Authentication\u201d protocol.<br>Access can also be limited by address. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.<br>Add the following to the vhost config file to limit access:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>location \/ {\n    auth_basic           \u201cRestricted access&quot;;\n    auth_basic_user_file \/etc\/nginx\/passwords\/passwords;\n}<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">This enables validation of user name and password using the \u201c<em>HTTP Basic Authentication<\/em>\u201d protocol. The specified parameter is used as a realm. The special value off cancels the effect of the auth_basic directive inherited from the previous configuration level.<br>Specifies a file that keeps user names and passwords, in the following format:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code># comment\nname1:password1\nname2:password2:comment\nname3:password3<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The following password types are supported:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>encrypted with the crypt() function; can be generated using the \u201chtpasswd\u201d utility from the Apache HTTP Server distribution or the \u201copenssl passwd\u201d command;<\/li>\n\n\n\n<li>hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Create password for first user:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>htpasswd -c \/etc\/nginx\/passwords\/passwords paul<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To add an additional user:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>htpasswd \/etc\/nginx\/passwords\/passwords pierre<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To allow per adddress:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>location \/ {\n    deny  192.168.1.1;\n    allow 192.168.1.0\/24;\n    allow 10.1.1.0\/16;\n    allow 2001:0db8::\/32;\n    deny  all;\n}<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Allows access if all (all) or at least one (any) of the <em>ngx_http_access_module<\/em>, <em>ngx_http_auth_basic_module<\/em>, <em>ngx_http_auth_request_module<\/em>, or <em>ngx_http_auth_jwt_module<\/em> modules allow access.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>location \/ {\n    satisfy any;\n    allow 192.168.1.0\/24;\n    allow 10.0.X.0\/24;\n    deny  all;\n\n    auth_basic           &quot;closed site&quot;;\n    auth_basic_user_file conf\/htpasswd;\n}<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Source: <\/strong><a href=\"https:\/\/nginx.org\/en\/docs\/http\/ngx_http_auth_basic_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/nginx.org\/en\/docs\/http\/ngx_http_auth_basic_module.html<\/a><br><strong>Source: <\/strong><a href=\"https:\/\/nginx.org\/en\/docs\/http\/ngx_http_access_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/nginx.org\/en\/docs\/http\/ngx_http_access_module.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ngx_http_auth_basic_module module allows limiting access to resources by validating the user name and password using the \u201cHTTP Basic Authentication\u201d protocol.Access can also be limited by address. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.Add the following to the vhost config file to limit access: This enables validation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[16,15],"tags":[],"class_list":["post-170","post","type-post","status-publish","format-standard","hentry","category-reverse-proxy","category-webserver"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/posts\/170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=170"}],"version-history":[{"count":7,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions"}],"predecessor-version":[{"id":293,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions\/293"}],"wp:attachment":[{"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.homeserver.lu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}