nginx optimization doc

2025-09-28 16:38:51 +03:30
parent bef9b7b5b7
commit 1c472e4b94
10 changed files with 102 additions and 0 deletions
--- a/Web-Servers/Nginx/08-Auth.md
+++ b/Web-Servers/Nginx/08-Auth.md
@@ -0,0 +1,75 @@
+# 🔐🔑 Nginx SSL with HTTP Basic Authentication
+
+## 📄 Example Secure Server Block (HTTPS + Password Protection)
+
+```nginx
+listen 443 ssl;
+server_name example.com www.example.com;
+
+# 🔒 SSL Certificates (Generated by Certbot)
+ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
+ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
+
+# 📂 Website Root
+root /var/www/example.com/html;
+index index.html;
+
+# 🔑 Password-Protected Location
+location / {
+    auth_basic "Admin";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+    try_files $uri $uri/ =404;
+}
+```
+
+---
+
+## 🗂️ Explanation of Key Parts
+
+| Directive              | Purpose                                                             |
+| ---------------------- | ------------------------------------------------------------------- |
+| `auth_basic "Admin";`  | Enables **HTTP Basic Authentication** with prompt title “Admin”.    |
+| `auth_basic_user_file` | Points to the `.htpasswd` file containing username/password hashes. |
+| `.htpasswd` file       | Stores encrypted credentials — created using `htpasswd` command.    |
+| SSL lines              | Load the certificate and private key from **Certbot**.              |
+
+---
+
+## 🛠️ How to Set Up Password Protection
+
+### 1️⃣ Install `apache2-utils` (for `htpasswd` tool)
+
+```bash
+apt install apache2-utils
+```
+
+### 2️⃣ Create the `.htpasswd` File
+
+```bash
+htpasswd -c /etc/nginx/.htpasswd <username>
+```
+
+* `-c` creates a **new file** (omit `-c` if adding more users).
+* You’ll be prompted to set a password.
+
+### 3️⃣ Adjust File Permissions
+
+```bash
+chmod 640 /etc/nginx/.htpasswd
+chown root:www-data /etc/nginx/.htpasswd
+```
+
+### 4️⃣ Test and Reload Nginx
+
+```bash
+nginx -t
+systemctl reload nginx
+```
+
+---
+
+## ⚠️ Security Notes
+
+* Always store `.htpasswd` **outside** your web root.
+* Passwords in `.htpasswd` are hashed, but still protect the file with correct permissions.
+* Works best for **admin panels**, **staging sites**, or private areas.