vodoraslo.xyz/content/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache.md
2024-09-13 17:00:58 +03:00


title: Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache
date: 2024-09-05T17:05:07+03:00
draft: false

Here's how to allow only authenticated users to view your websites. It's a great way to boot freeloaders and guarantee your system's (or your VPS's) resources for yourself.

The guide is meant for Debian but can easily be adapted to suit your needs. I assume you have followed Luke Smith's tutorial and have NGINX running with certbot for certificates.

Create a username and password for authentication (or more than 1 user)

First:

sudo apt install apache2

Then:

sudo apt install apache2-utils

Create the username you wish to authenticate with using the following command:

sudo htpasswd -c /etc/apache2/.htpasswd admin1

You will be prompted to provide a password. Feel free to generate a secure 32+ character one and save it in your password manager of choice.

If you wish to create additional users, simply remove -c from the command (-c creates the file, overwriting an existing one) and change the name.

sudo htpasswd /etc/apache2/.htpasswd admin2

Then provide a new password (reusing the same password also works, but a distinct one is more secure).

Add the htpasswd file to NGINX

Navigate to the NGINX configuration file you wish to protect:

nano /etc/nginx/sites-available/<yourFileHere>

Add the following in the same server block and on the same level as listen [::]:443 ssl;:

auth_basic           "Administrators Area";
auth_basic_user_file /etc/apache2/.htpasswd;
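
To confirm the directives above do what they should, this added example (not part of the original article) probes a URL three ways: anonymously, with a wrong password, and with the real login. The `StandIn` server, the sample password and all function names are constructed for illustration so the check runs offline; it only mimics the 401 challenge NGINX sends for the realm configured above.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError

OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

def basic_header(user, password):
    # Basic auth is base64("user:password"): an encoding, not encryption.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def fetch(url, headers=None):
    """GET url; return (status code, WWW-Authenticate header or None)."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")

def probe(url, user, password):
    """Anonymous and wrong-password requests must get 401, the real login 200."""
    anon, challenge = fetch(url)
    wrong, _ = fetch(url, basic_header(user, password + "-wrong"))
    good, _ = fetch(url, basic_header(user, password))
    return {"anonymous": anon, "challenge": challenge, "wrong_password": wrong,
            "valid_login": good, "protected": (anon, wrong, good) == (401, 401, 200)}

class StandIn(BaseHTTPRequestHandler):
    """Constructed local stand-in that mimics the protected server block."""
    expected = basic_header("admin1", "constructed-sample-password")["Authorization"]
    def do_GET(self):
        ok = self.headers.get("Authorization") == self.expected
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="Administrators Area"')
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(f"http://127.0.0.1:{server.server_port}/", "admin1",
                     "constructed-sample-password")
    finally:
        server.shutdown()
```

`demo()` exercises the stand-in; against the real site, call `probe()` with your own HTTPS URL and the credentials created with htpasswd. Because the header is only base64, the check is meaningful for the live site only over the certbot-issued TLS listener.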

Further reading here.