I tried basic authentication using Nginx

Hello, my name is Ken.

Last time, we used apache to perform basic authentication. In my previous blog, I announced that I would use basic authentication with nginx, so in this article I would like to write about how to set up basic authentication with nginx. This time as well, I would like to use Vagrant to introduce everything from installing nginx to setting up a virtual host and how to perform basic authentication. I hope you will keep scrolling until the end.

Environment and version used this time

virtualbox version 6.1

vagrant version 2.2.19

centos/7

nginx version nginx/1.23.1

 

Goals and steps for this blog

This time's goal

The goal of this blog is to apply basic authentication to the virtual host page set up with nginx.

Setting procedure

1. Edit vagrantfile and start vagrant
2. Enter the server with vagrant ssh
3. Install nginx
4. Set up Virtualhost
5. Perform basic authentication

I'll roughly follow the steps above, so feel free to skip the steps you already know! !

 Log in to the virtual server started with Vagrant using SSH

In order to use vagrant ssh, we will also implement the settings made in the apache basic authentication section here.

Edit vagrantfile to enable internet connection within the local environment.

An example of Vagrantfile has the following settings.

All you need to connect is

 config.vm.network "private_network", ip: "192.168.43.20"

It becomes.

  # -*- mode: ruby ​​-*- # vi: set ft=ruby : # All Vagrant configuration is done below. The "2" in Vagrant.configure # configures the configuration version (we support older styles for # backwards compatibility). Please don't change it unless you know what # you're doing. Vagrant.configure("2") do |config| # Every Vagrant development environment requires a box. You can search for # boxes at https://vagrantcloud. com/search. config.vm.box = "centos/7" # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. In the example below, # accessing "localhost: 8080" will access port 80 on the guest machine. # NOTE: This will enable public access to the opened port config.vm.network "forwarded_port", guest: 80, host: 8080 # Create a private network, which allows host-only access to the machine # using a specific IP. config.vm.network "private_network", ip: "192.168.43.20" end

When you have finished editing, vagrant up.

vagrant up

Once vagrant up is complete, connect with vagrant ssh,

 

vagrant ssh 

As you might have guessed, this is exactly the same as the previous article about using basic authentication using apache.

I'm sorry, but I think it would be better if you were kind enough to say thank you, but I would be very happy if you could ignore it. . . .
If you can log in, you are successful. Next, let's install nginx.

Let's install nginx

Last time I installed Apache, I was able to install httpd without thinking, but nginx is not that kind. If you suddenly try to install something, you will be told that there is no such thing. So, before proceeding with the installation, let's do some hard work.

• Please note that I am writing this on the assumption that you have done the yum update.

First, let's create a repository for nginx.

sudo vi /etc/yum.repos.d/nginx.repo

Now that you can open nginx.repo, write the following settings in the editor.

[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1

Once you have created the above description, save it with :wq.

Next, let's install nginx.

sudo yum install nginx

Installation is now complete. If there are no problems, let's start nginx.

sudo systemctl start nginx

Finally, enter http://localhost:8080 and when the usual nginx page is displayed, the installation and startup of nginx is complete.

Next, let's create a Virtualhost.

Let's create a Virtualhost (*a little troublesome)

First, create a document root for Virtualhost. (Sometimes it is written to mean Virtualhost = vhost.)

*Since we are using centoOS this time, sites-available and sites-enabled do not exist by default, so we need to create them. However, when using a Debian-based OS, sites-available and sites-enabled do not need to be created because they exist following the apache convention.

mkdir -p /var/www/vhosts/example.com/public_html

Once the creation is complete, move to public_html and create index.html.

sudo vi index.html

Fill in the contents as desired, press :wq, and save.

In nginx, to configure vhost, you need to create directories called sites-available and sites-enabled and configure them under them. We will later create symbolic links between these two directories. First, create the two directories mentioned above.

mkdir /etc/nginx/sites-available

create another one

mkdir /etc/nginx/sites-enabled

After creating the two directories, create a conf file for Virtualhost.

Since our domain is example.com, we will name the file example.com.conf.

The description will be as follows.

server { listen 80; servername example.com; location / { root/var/www/vhosts/example.com/public_html; index index.html index.php; } }

Once you have written it, save it with :wq. Then, set symbolic links to the sites-available directory and sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

In order for nginx to read the settings above, we will write them in nginx.conf.

Here's what to write.

include /etc/nginx/sites-enabled/*;

Write this at the bottom of nginx.conf.

user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/ octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/ access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/sites-enabled/*; #Added section include /etc/nginx/conf.d/*.conf; }

Now that the settings are complete, let's perform a syntax check.

nginx -t

If you now see syntax okay and configuration file is successful, you can confirm that there is no problem. Finally, restart nginx for the settings to take effect.

sudo systemctl restart nginx

And don't forget to edit the hosts file.

Any IP address example.com

Add this to the hosts file and save.

*Settings will not be reflected unless executed with administrator privileges. So, run Notepad or similar program with administrator privileges, and then open the hosts file.

Now, when you search for http://example.com in your browser, if the information you entered during setup is displayed, this setup is complete.

Now that you have configured the virtualhost, the last step is to configure basic authentication.

Let's apply basic authentication to the configured Vhost

When using Apache, there is no problem since the ht system is also installed. However, in the case of nginx, the ht-based tools are not installed, so the htpasswd command cannot be used. So, let's start with that installation.

sudo yum install httpd-tools

Once the installation is complete, use the htpasswd command to prepare for basic authentication.

htpasswd -c /var/www/vhosts/example.com/.htpasswd username

Register a username and password of your choice.

Just to be sure, check that your username and password are created correctly.

cat /var/www/vhosts/example.com/.htpasswd

If the configured user name and hash value are displayed, you will know that the settings are successful.

Finally, to apply basic authentication, add auth_basic and auth_basic_user_file to example.com.conf.

server { listen 80; servername example.com; location / { root /var/www/vhosts/example.com/public_html; index index.html index.php; auth_basic auth_nginx_test; auth_basic_user_file /var/www/vhosts/example.com/ .htpasswd; } }

After writing this description, restart nginx. If basic authentication is enabled, a username and password will be required.

This completes the basic authentication settings for nginx.