
Security features in NGINX
Restrict access wherever possible by allowing and blocking IP addresses.
You can protect sensitive pages with a username and password.
Use an SSL certificate to secure the site by encrypting client-server traffic.
Restrict Access Via IP address
Let's say you want to restrict all IP addresses from accessing a page called secure.
To do that, add a location block inside the server context of your nginx configuration.

    server {
        ...
        location /secure {
            try_files $uri /secure.html;
            deny all;
        }
        ...
    }

The deny all directive blocks every IP address.
Now test your nginx config and reload. Run:

    sudo nginx -t
    sudo nginx -s reload

Try to access the /secure path and you will get a 403 Forbidden HTTP status page.
If you want to allow a specific IP address, use the syntax below in the config file:

    server {
        ...
        location /secure {
            try_files $uri /secure.html;
            allow 127.0.0.1;
            deny all;
        }
        ...
    }

Change 127.0.0.1 to the IP address you want to allow.
If you want to know your own IP address, go to Google and search for what is my ip address. You will get your IP address from the search result.
Note: Your IP address is generally a public IP address provided by your ISP. It usually changes every one or two days.
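nginx checks allow and deny rules in the order they are written and stops at the first one that matches, which is why allow comes before deny all in the config above. The Python model below is an added example, not code from the original post or from nginx; the function names and the sample rule lists are constructed for illustration. It lets you check which client IPs a rule list would admit before you reload.

```python
import ipaddress

# Constructed sample rule lists (not from a real deployment).
PAGE_ORDER = "allow 127.0.0.1;\ndeny all;"             # order used on this page
REVERSED = "deny all;\nallow 127.0.0.1;"               # same rules, swapped
SUBNET = "deny 192.168.1.1;\nallow 192.168.1.0/24;\ndeny all;"


def parse_rules(block):
    """Return (action, target) pairs from allow/deny lines, in file order."""
    rules = []
    for line in block.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            rules.append((parts[0], parts[1]))
    return rules


def decide(rules, client_ip):
    """Model of the access check: the first rule matching client_ip wins."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action
        if target.startswith("unix:"):
            continue  # UNIX-socket rules never match a TCP client address
        if ip in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"  # no rule matched, so the request is not blocked


def audit(block, client_ips):
    """Map each client IP to the decision the rule list would produce."""
    rules = parse_rules(block)
    return {ip: decide(rules, ip) for ip in client_ips}


if __name__ == "__main__":
    clients = ["127.0.0.1", "192.168.1.1", "192.168.1.20", "203.0.113.7"]
    for name, block in [("page order", PAGE_ORDER), ("reversed", REVERSED),
                        ("subnet", SUBNET)]:
        print(name, audit(block, clients))
```

With the rules swapped, deny all matches first and even 127.0.0.1 gets a 403.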
Protect sensitive pages by username and password
Sometimes we want to allow only internal members to access some page. In that case, we can set up a username and password so that only internal members get in.
Steps to set up a username and password for a page:
- First install a utility to set the username and password:

    sudo apt-get install -y apache2-utils

- Next, switch to the root user if you are not already. Run:

    sudo su

  Enter your password if the terminal asks for one.
- To set a username and password for the first time, the syntax is:

    htpasswd -c /path/to/save/passwords username

  Example:

    htpasswd -c /etc/nginx/password admin

  The above command creates a user named admin. The terminal will ask you for a new password. Type the new password you want to set.
- If you want to add another user called user1, type:

    htpasswd /etc/nginx/password user1

  Note: there is no need for the -c flag here. It creates the password file, and using it again would overwrite the existing file.
- Now let's say we want to set auth for the secure page. Go to your nginx config file and use:

    # my file path: /etc/nginx/conf.d/tech.conf
    # yours might be in: /etc/nginx/sites-available/tech.conf
    server {
        ...
        location /secure {
            try_files $uri /secure.html;
            auth_basic "Authentication is required here...";
            # must be the same file that htpasswd wrote above
            auth_basic_user_file /etc/nginx/password;
            ....
        }
        ....
    }

- Now test and reload your nginx config file. Run:

    sudo nginx -t
    sudo nginx -s reload

- Go to the secure page and you will see that it asks you for a username and password.