Question

Nginx - Additional Security

Answer 1

The issue of security is very important and although we can implement several actions to ensure our services it never hurts to apply some additional security routines, one of them is to protect by username and password some URLs .

This type of protection is standard when we have web administrators for some sections that are high risk, such as the database administrator or the administrative area of ​​our site.

HTTP Access Control

This method consists of being able to apply an authentication process for accessing some folder or file through HTTP , this helps us to protect APIs and additional resource types, it is easy and quick to implement and everything is based on the HTTP headers.

Creating an Access Control

Creating an access control using HTTP is very simple, to do so we must have access to the server where our resource is located and have the corresponding permissions, then we can follow the following steps:

1- We will generate the user and the password necessary to access the resource, for this we will use the Apache utils library with the htpasswd command, this command helps us create a file where we store the user and password in a hash that we will use later, to create the file we must do the following:

What's happening here?

This will generate a user, in this case called dipankar but it can be any other username and then ask us to enter a password which we must remember very well in order to use this.

2- Once the file with the user and the password is done, we have to indicate to Nginx that he must use said file to protect the location that we have decided, this will add a new interface in the front end of the site that will protect our resources, let's see The following image shows a portion of the configuration file where we apply this:

Here we see how in the location block , we indicate that to access the root of the site the auth_basic directive must be applied and we indicate the path of the file that we have generated in step 1 , and with that we will have our security layer established.

3- Since we have applied the corresponding configuration we only have access to our site, remember the user and the key that we have placed at the beginning when we created the file and now we will use it, let's see:

In case we do not remember our data or is an unauthorized person when authentication fails the server will send a restricted access message 401 , with this we can effectively have a new layer of security for our site.
As we see Nginx allows us to add more security to protect our resources, this type of implementation that we saw is very used when we have administrators with web interfaces that we do not want to see, for example an access to Cpanel or phpMyAdmin , which are very web interfaces. delicate

---