Table of contents
Basic auth configuration
Install .htpasswd
apt-get install apache2-utils
After installed .htpasswd
, run command to set Username / Password
htpasswd -c /etc/nginx/.htpasswd user-name
# any [user-name], after run the command,
# you'll be prompt to add password.
Nginx config
Add below to
location {...}
auth_basic "secure area";
# message will prompt in the login dialog.
auth_basic_user_file /etc/nginx/.htpasswd;
# the location of the password.
Hardening Nginx
1. In http { ... }
server_tokens off;
# add this to http { ... } in nginx config file,
# it will stop server outputs which nginx version it runs on.
2. In server { ... }
add_header X-Frame-Options "SAMEORIGIN";
# stop page to be embedded in another page
add_header X-XSS-Protection "1; mode=block";
# cross site protection, if detected, block loading the page
Remove unused Nginx module
./configure --help | grep without
# remove those unused and not important module:
# --without-http_autoindex_module
Sample 1 - local
events {...}
http {
server {
listen 8888;
location / {
return 200 "hello from Nginx\n";
}
location /php {
# add_header proxied nginx;
# adding custom header for this proxy, curl outputs "proxied:nginx"
proxy_set_header proxied nginx; #set the header on the proxy request
proxy_pass 'http://localhost:9999/';
}
location /nginx-org {
proxy_pass 'https://nginx.org/';
# must ends with '/'
}
}
}
Sample 2 - on remote
server {
listen 80;
server_name auth.example.com;
root /var/www/auth.example.com;
index index.html index.htm index.nginx-debian.html;
location / {
auth_basic "secure area";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri $uri/ =404;
}
}