Link Search Menu Expand Document
Table of contents

Basic auth configuration

Install .htpasswd

apt-get install apache2-utils 

After installed .htpasswd, run command to set Username / Password

htpasswd -c /etc/nginx/.htpasswd user-name 
    # any [user-name], after run the command, 
    # you'll be prompt to add password.

Nginx config

Add below to location {...}

auth_basic "secure area";
    # message will prompt in the login dialog. 
auth_basic_user_file /etc/nginx/.htpasswd;
    # the location of the password.

Hardening Nginx

1. In http { ... }

server_tokens off;
    # add this to http { ... } in nginx config file,
    # it will stop server outputs which nginx version it runs on.

2. In server { ... }

add_header X-Frame-Options "SAMEORIGIN"; 
    # stop page to be embedded in another page 
add_header X-XSS-Protection "1; mode=block";
    # cross site protection, if detected, block loading the page 

Remove unused Nginx module

./configure --help | grep without 
    # remove those unused and not important module: 
    # --without-http_autoindex_module 

Sample 1 - local

events {...}

http {
    server {
        listen 8888;

        location / {
            return 200 "hello from Nginx\n";
        }

        location /php {
            # add_header proxied nginx;
            # adding custom header for this proxy, curl outputs "proxied:nginx" 
            proxy_set_header proxied nginx; #set the header on the proxy request 
            proxy_pass 'http://localhost:9999/';
        }

        location /nginx-org {
            proxy_pass 'https://nginx.org/';
            # must ends with '/'
        }
    }
}

Sample 2 - on remote

server {
        listen 80;
        server_name auth.example.com;
        root /var/www/auth.example.com;
        index index.html index.htm index.nginx-debian.html;

        location / {
            auth_basic "secure area";
            auth_basic_user_file /etc/nginx/.htpasswd;
            try_files $uri $uri/ =404;
        }
}