diff --git a/Web Servers & Reverse Proxies/CertBot/temp.md b/Web Servers & Reverse Proxies/CertBot/certbot.md similarity index 100% rename from Web Servers & Reverse Proxies/CertBot/temp.md rename to Web Servers & Reverse Proxies/CertBot/certbot.md diff --git a/Web Servers & Reverse Proxies/Nginx/7-ssl.md b/Web Servers & Reverse Proxies/Nginx/7-ssl.md new file mode 100644 index 0000000..2ef56c7 --- /dev/null +++ b/Web Servers & Reverse Proxies/Nginx/7-ssl.md @@ -0,0 +1,56 @@ +# πŸ” Nginx SSL Configuration Guide + +## πŸ“„ Example Server Block (HTTPS) + +```nginx +listen 443 ssl; +server_name example.com www.example.com; + +# πŸ”’ SSL Certificate (Generated by Certbot) +ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + +# πŸ“‚ Website Root +root /var/www/example.com/html; +index index.html; + +# 🚦 Request Handling +location / { + try_files $uri $uri/ =404; +} +``` + +--- + +## πŸ—‚οΈ What Each Part Does + +| Directive | Meaning | +| ---------------------------- | ------------------------------------------------------ | +| `listen 443 ssl;` | Listens on port **443** for secure HTTPS traffic. | +| `server_name` | Specifies the domain(s) for this site. | +| `ssl_certificate` | The **full certificate chain** file from Certbot. | +| `ssl_certificate_key` | The **private key** file from Certbot. | +| `root` | Directory containing your website’s files. | +| `index` | Default file served for a directory request. | +| `try_files $uri $uri/ =404;` | Checks if a file/directory exists, else returns a 404. | + +--- + +## ⚠️ SSL Notes + +* Certbot certificates are stored here: + + ``` + /etc/letsencrypt/live// + ``` +* Certificates **expire every 90 days** β€” set up auto-renew: + + ```bash + certbot renew --quiet + ``` +* After renewal, always reload Nginx to apply changes: + + ```bash + systemctl reload nginx + ``` + 
diff --git a/Web Servers & Reverse Proxies/Nginx/8-auth.md b/Web Servers & Reverse Proxies/Nginx/8-auth.md new file mode 100644 index 0000000..2f70f27 --- /dev/null +++ b/Web Servers & Reverse Proxies/Nginx/8-auth.md 
@@ -0,0 +1,75 @@ +# πŸ”πŸ”‘ Nginx SSL with HTTP Basic Authentication + +## πŸ“„ Example Secure Server Block (HTTPS + Password Protection) + +```nginx +listen 443 ssl; +server_name example.com www.example.com; + +# πŸ”’ SSL Certificates (Generated by Certbot) +ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + +# πŸ“‚ Website Root +root /var/www/example.com/html; +index index.html; + +# πŸ”‘ Password-Protected Location +location / { + auth_basic "Admin"; + auth_basic_user_file /etc/nginx/.htpasswd; + try_files $uri $uri/ =404; +} +``` + +--- + +## πŸ—‚οΈ Explanation of Key Parts + +| Directive | Purpose | +| ---------------------- | ------------------------------------------------------------------- | +| `auth_basic "Admin";` | Enables **HTTP Basic Authentication** with prompt title β€œAdmin”. | +| `auth_basic_user_file` | Points to the `.htpasswd` file containing username/password hashes. | +| `.htpasswd` file | Stores encrypted credentials β€” created using `htpasswd` command. | +| SSL lines | Load the certificate and private key from **Certbot**. | + +--- + +## πŸ› οΈ How to Set Up Password Protection + +### 1️⃣ Install `apache2-utils` (for `htpasswd` tool) + +```bash +apt install apache2-utils +``` + +### 2️⃣ Create the `.htpasswd` File + +```bash +htpasswd -c /etc/nginx/.htpasswd +``` + +* `-c` creates a **new file** (omit `-c` if adding more users). +* You’ll be prompted to set a password. + +### 3️⃣ Adjust File Permissions + +```bash +chmod 640 /etc/nginx/.htpasswd +chown root:www-data /etc/nginx/.htpasswd +``` + +### 4️⃣ Test and Reload Nginx + +```bash +nginx -t +systemctl reload nginx +``` + +--- + +## ⚠️ Security Notes + +* Always store `.htpasswd` **outside** your web root. +* Passwords in `.htpasswd` are hashed, but still protect the file with correct permissions. +* Works best for **admin panels**, **staging sites**, or private areas.
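Review bot: In `7-ssl.md`, the snippet under "Example Server Block (HTTPS)" starts at `listen 443 ssl;` with no enclosing `server { ... }`, so a reader who pastes it into a site file will fail `nginx -t`. Wrap it in the braces, or retitle it as the contents of a server block. In the SSL Notes, the path `/etc/letsencrypt/live//` has an empty segment where the domain should be; use `example.com` to match the config above. The "set up auto-renew" bullet shows only a one-off `certbot renew --quiet` and does not say how it gets scheduled (cron or a systemd timer). Since the next bullet requires a reload after every renewal, consider documenting `certbot renew --quiet --deploy-hook "systemctl reload nginx"` so the new certificate is actually served without a manual step.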
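Review bot: In `8-auth.md`, step 2 gives `htpasswd -c /etc/nginx/.htpasswd` with no username argument, and `htpasswd` will only print its usage text without one. Add the user, for example `htpasswd -c /etc/nginx/.htpasswd admin`. The `-c` bullet should also warn that `-c` truncates an existing file, which removes every other user, rather than only saying to omit it when adding users. The table row calls the credentials "encrypted" while the Security Notes correctly call them hashed; use "hashed" in both places. Step 3's `chown root:www-data` assumes the Nginx workers run as `www-data`; state that, or point readers to the `user` directive in `nginx.conf`. As in `7-ssl.md`, the example block is missing its enclosing `server { ... }`.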