Username: Password:

Author Topic: [TUT] How to password protect your GunBot UI behind a Nginx proxy (Linux ONLY)  (Read 6349 times)

Offline miwi

  • Rookie
  • *
  • Posts: 8
    • View Profile
In a lot of groups are advices not to run the new UI on a public server, below is a small how to, to protect your UI with a password behind the proxy.


First of we to install nginx depends on your operation system, in this case we use debian/ubuntu.

Quote
sudo apt install nginx

then you navigate to /etc/nginx/site-enable/ with

Quote
cd /etc/nginx/sites-enabled

<editor of your choice>  default
remove everything inside and replace it with

Quote
server {
    listen 80;

    server_name your_hostname;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
   auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Create the Password File
To start out, we need to create the file that will hold our username and password combinations. You can do this by using the OpenSSL utilities that may already be available on your server. Alternatively, you can use the purpose-made htpasswd utility included in the apache2-utils package (Nginx password files use the same format as Apache). Choose the method below that you like best.

Create the Password File Using the OpenSSL Utilities

If you have OpenSSL installed on your server, you can create a password file with no additional packages. We will create a hidden file called .htpasswd in the /etc/nginx configuration directory to store our username and password combinations.

You can add a username to the file using this command. We are using sammy as our username, but you can use whatever name you'd like:

Quote
sudo sh -c "echo -n 'miwi:' >> /etc/nginx/.htpasswd"
Next, add an encrypted password entry for the username by typing:

Quote
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
You can repeat this process for additional usernames. You can see how the usernames and encrypted passwords are stored within the file by typing:

Quote
cat /etc/nginx/.htpasswd
Output
Quote
miwi:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1


Create the Password File Using Apache Utilities

While OpenSSL can encrypt passwords for Nginx authentication, many users find it easier to use a purpose-built utility. The htpasswd utility, found in the apache2-utils package, serves this function well.

Install the apache2-utils package on your server by typing:

Quote
sudo apt-get install apache2-utils
Now, you have access to the htpasswd command. We can use this to create a password file that Nginx can use to authenticate users. We will create a hidden file for this purpose called .htpasswd within our /etc/nginx configuration directory.

The first time we use this utility, we need to add the -c option to create the specified file. We specify a username (miwi in this example) at the end of the command to create a new entry within the file:

Quote
sudo htpasswd -c /etc/nginx/.htpasswd miwi
You will be asked to supply and confirm a password for the user.

Leave out the -c argument for any additional users you wish to add:

Quote
sudo htpasswd /etc/nginx/.htpasswd another_user
If we view the contents of the file, we can see the username and the encrypted password for each record:

Quote
cat /etc/nginx/.htpasswd
Output
Quote
miwi:$apr1$lzxsIfXG$tmCvCfb49vpPFwKGVsuYz.
another_user:$apr1$p1E9MeAf$kiAhneUwr.MhAE2kKGYHK.

Please replace the username miwi with your own username.

Have fun!
« Last Edit: September 29, 2017, 04:41:21 PM by miwi »

Offline Daisy

  • Rookie
  • *
  • Posts: 12
    • View Profile
Tried to set it up as SSL, using instructions from a gekko install, same as yours but adding redirection to port 443 and SSL cert paths.  Seems to be looping authentication though :(