1

I'm trying to password protect an entire port on my website--https://domain.com:8081 and http://domain.com:8081

I have tried editing /etc/nginx/sites-enabled/domain.com.vhost by adding the following within the server block to no avail (which I got from this link, except that link is in regards to password protecting directories rather than ports):

    location ^~ :8081 {
        auth_basic            "Restricted Area";
        auth_basic_user_file  conf/htpasswd;
    }

I also tried "location :8081", but this also did not work.

How can I password protect port 8081 (or any other port I desire for that matter)?

If it makes any difference, I'm using Ubuntu 14.04.1 LTS with Nginx 1.4.6.

Thanks.

[EDIT]

When implementing Nathan's solution, when going to https://domain.com:8081/phpmyadmin/ (SSL), it brings up the prompt for a username and password, but gives me a "500 Internal Server Error" page. Here's what shows on the Nginx error log:

[crit] 3390#0: *154 open() "/etc/nginx/conf/htpasswd" failed (13: Permission denied), client: 152.35.52.108, server: domain.com, request: "GET /phpmyadmin/ HTTP/1.1", host: "domain.com:8081"

When going to http://domain.com:8081/phpmyadmin/ (non-SSL), it gives me "400 Bad Request The plain HTTP request was sent to HTTPS port". Nothing registers for this on the error log; instead, the following appears on the Nginx access log:

"GET /phpmyadmin/ HTTP/1.1" 40.1" 400 279 "-" "[user agent]"
Pamela

1 Answer

3

I'm assuming you have a separate server { block for this port...so you'd just protect the / directory from within that server block:

    location / {
        auth_basic            "Restricted Area";
        auth_basic_user_file  conf/htpasswd;
    }

So:

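    server {
        listen 8081;
        server_name whateveryouwant;
        root /path/to/root/folder;
        # "location /" matches every URI, so all requests to this server block need credentials
        location / {
            auth_basic            "Restricted Area";
            # Relative path; nginx resolves it under its configuration directory
            auth_basic_user_file  conf/htpasswd;
        }
    }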

I haven't tested this, but that's how it should look.

Nathan C
  • 2
    There is no need for location. Just put auth_basic to server level – Alexey Ten Aug 15 '14 at 19:09
  • Thanks for the quick, helpful answer. This now brings up the prompt for a username and password (as does the suggestion of @AlexeyTen). However, when I input the correct credentials, it takes me to a "500 Internal Server Error" page. I made sure the permission is correct for my htpasswd file (711). Any idea how to fix this? – Pamela Aug 15 '14 at 21:57
  • Another note--when I go to https://domain.com:8081 (SSL), this brings up the prompt for a username and password, as described above; however, when I go to http://domain.com:8081 (non-SSL), I simply get "400 Bad Request The plain HTTP request was sent to HTTPS port" – Pamela Aug 15 '14 at 22:06
  • 1
    @Pamela Please update your question with the output from nginx error log – masegaloeh Aug 15 '14 at 22:43
  • @masegaloeh, I've updated my question accordingly. – Pamela Aug 15 '14 at 23:10
  • 3
    The correct permission for the htpasswd file would be `644`, or `rw-r--r--` in textual format. If the htpasswd file is owned by the user that runs the nginx process, then `400` permission would be enough. – Tero Kilkanen Aug 16 '14 at 01:42
  • Thanks @TeroKilkanen. I changed the permission for the htpasswd file to 644, but now after entering in the correct credentials, I get a "500 Internal Server Error" page. This is what's in the Nginx error log: "[crit] 32075#0: *1 crypt_r() failed (22: Invalid argument)". It seems this issue should have been [fixed in a previous Nginx version--1.3.10](http://forum.nginx.org/read.php?27,234422,234422): "Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux." My username and password are both less than 8 characters long. Any ideas what I'm doing wrong? – Pamela Aug 16 '14 at 19:17
  • I suppose Nathan's code is correct for what I asked. I've been tinkering with it ever since and it seems like I'm experiencing another issue which is due to the root path settings being incorrect, although I'm still trying to figure it out. I suppose it will be more fitting for me to open a separate question for that issue since it is different. Thanks. – Pamela Aug 18 '14 at 19:46
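
An added example, not part of the original thread and not nginx code: a Python check that applies the owner/group/other read rule from the comments to modes such as 711 and 644, and flags htpasswd entries that match none of the hash layouts nginx documents for `auth_basic_user_file`. The uid/gid values and the sample file are constructed, and the layout list is an assumption about common formats; an unmatched entry is simply passed to crypt(), which may reject it.

```python
import re
import stat

# Layouts nginx documents for auth_basic_user_file, plus common crypt() prefixes.
# This list is an assumption; any other value is handed to crypt() unchanged.
SCHEMES = [
    ("apr1", re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("{PLAIN}", re.compile(r"\{PLAIN\}.+")),
    ("{SHA}", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    ("{SSHA}", re.compile(r"\{SSHA\}[A-Za-z0-9+/]+=*")),
    ("crypt-modular", re.compile(r"\$[156]\$(rounds=\d+\$)?[^$]+\$[./0-9A-Za-z]+")),
    ("crypt-des", re.compile(r"[./0-9A-Za-z]{13}")),
]

def can_read(mode, file_uid, file_gid, uid, gids):
    """Apply the owner/group/other rule used for a non-root reader."""
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def classify(hash_field):
    """Name the scheme of one password field, or None if it matches none."""
    for name, pattern in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name
    return None

def audit(text):
    """Return (line_no, user, problem) for entries that need a closer look."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            problems.append((n, user, "not in user:hash form"))
        elif classify(rest.split(":", 1)[0]) is None:
            problems.append((n, user, "hash matches no documented layout"))
    return problems

# Constructed sample file contents (not from the thread).
SAMPLE = (
    "# demo users\n"
    "alice:$apr1$abcdefgh$" + "A" * 22 + "\n"
    "bob:secret1\n"
    "carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=:note\n"
)
```

With a root-owned file and a hypothetical worker uid of 33, `can_read(0o711, 0, 0, 33, {33})` is false because 711 grants others execute but not read, while the same call with `0o644` is true. The directories above the file also need the execute bit for the worker, which this check does not cover.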