update nginx

Web Servers & Reverse Proxies/Nginx/7-ssl.md

@@ -0,0 +1,56 @@
+# 🔐 Nginx SSL Configuration Guide
+
+## 📄 Example Server Block (HTTPS)
+
+```nginx
+listen 443 ssl;
+server_name example.com www.example.com;
+
+# 🔒 SSL Certificate (Generated by Certbot)
+ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
+ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
+
+# 📂 Website Root
+root /var/www/example.com/html;
+index index.html;
+
+# 🚦 Request Handling
+location / {
+    try_files $uri $uri/ =404;
+}
+```
+
+---
+
+## 🗂️ What Each Part Does
+
+| Directive                    | Meaning                                                |
+| ---------------------------- | ------------------------------------------------------ |
+| `listen 443 ssl;`            | Listens on port **443** for secure HTTPS traffic.      |
+| `server_name`                | Specifies the domain(s) for this site.                 |
+| `ssl_certificate`            | The **full certificate chain** file from Certbot.      |
+| `ssl_certificate_key`        | The **private key** file from Certbot.                 |
+| `root`                       | Directory containing your website’s files.             |
+| `index`                      | Default file served for a directory request.           |
+| `try_files $uri $uri/ =404;` | Checks if a file/directory exists, else returns a 404. |
+
+---
+
+## ⚠️ SSL Notes
+
+* Certbot certificates are stored here:
+
+  ```
+  /etc/letsencrypt/live/<your-domain>/
+  ```
+* Certificates **expire every 90 days** — set up auto-renew:
+
+  ```bash
+  certbot renew --quiet
+  ```
+* After renewal, always reload Nginx to apply changes:
+
+  ```bash
+  systemctl reload nginx
+  ```
+

Web Servers & Reverse Proxies/Nginx/8-auth.md

@@ -0,0 +1,75 @@
+# 🔐🔑 Nginx SSL with HTTP Basic Authentication
+
+## 📄 Example Secure Server Block (HTTPS + Password Protection)
+
+```nginx
+listen 443 ssl;
+server_name example.com www.example.com;
+
+# 🔒 SSL Certificates (Generated by Certbot)
+ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
+ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
+
+# 📂 Website Root
+root /var/www/example.com/html;
+index index.html;
+
+# 🔑 Password-Protected Location
+location / {
+    auth_basic "Admin";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+    try_files $uri $uri/ =404;
+}
+```
+
+---
+
+## 🗂️ Explanation of Key Parts
+
+| Directive              | Purpose                                                             |
+| ---------------------- | ------------------------------------------------------------------- |
+| `auth_basic "Admin";`  | Enables **HTTP Basic Authentication** with prompt title “Admin”.    |
+| `auth_basic_user_file` | Points to the `.htpasswd` file containing username/password hashes. |
+| `.htpasswd` file       | Stores encrypted credentials — created using `htpasswd` command.    |
+| SSL lines              | Load the certificate and private key from **Certbot**.              |
+
+---
+
+## 🛠️ How to Set Up Password Protection
+
+### 1️⃣ Install `apache2-utils` (for `htpasswd` tool)
+
+```bash
+apt install apache2-utils
+```
+
+### 2️⃣ Create the `.htpasswd` File
+
+```bash
+htpasswd -c /etc/nginx/.htpasswd <username>
+```
+
+* `-c` creates a **new file** (omit `-c` if adding more users).
+* You’ll be prompted to set a password.
+
+### 3️⃣ Adjust File Permissions
+
+```bash
+chmod 640 /etc/nginx/.htpasswd
+chown root:www-data /etc/nginx/.htpasswd
+```
+
+### 4️⃣ Test and Reload Nginx
+
+```bash
+nginx -t
+systemctl reload nginx
+```
+
+---
+
+## ⚠️ Security Notes
+
+* Always store `.htpasswd` **outside** your web root.
+* Passwords in `.htpasswd` are hashed, but still protect the file with correct permissions.
+* Works best for **admin panels**, **staging sites**, or private areas.