View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions nginx password protecting - doing my head in!
Log in to Ask a Question

nginx password protecting - doing my head in!

development

Hi,

I'm really at my witts end with the nginx config files :( I've got the main site going, but now I can't get the password protection going :/ Here is the main bit of my conf file:

server {
    listen   443;
    #server_name site.net www.site.net;
    server_name site.net;
    access_log /srv/www/site.net/logs/access.log;
    error_log /srv/www/site.net/logs/error.log;
    root /srv/www/site.net/www;

    ssl    on;
    ssl_certificate    /srv/www/site.net/wildcard.site.net.crt;
    ssl_certificate_key    /srv/www/site.net/wildcard.site.net.key;

    if ($http_host ~ "www.site.net") {
        rewrite /(.*)$ https://site.net/$1 permanent;
    }

    location /cgi-bin/admin {

        #root /srv/www/site.net/www;

        #satisfy any;
        deny   all;
        allow  81.174.134.111;

        auth_basic "Administrator Login";
        auth_basic_user_file /var/www/site.net/htpasswd;

        location ~ \.cgi$ {
            try_files $uri =404;
            gzip off;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/cgi-bin/$fastcgi_script_name;
        }
    }

    location /admin {
        #satisfy any;
        allow  81.174.134.133;
        deny   all;
        #auth_basic "Administrator Login";
        #auth_basic_user_file /var/www/site.net/htpasswd;

        location ~ \.php$ {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www$fastcgi_script_name;
        }
    }

# other stuff here

}

81.174.134.111 is not my IP (I've changed it, so I should be getting the password request prompt, but I don't).

Any ideas what is up? ATM my admin panel is wide open, and I can't figure out how to password protect it :shock:

EDIT: Today is getting better and better! Now the friggin thing won't even load the website! I now get:

> Secure Connection Failed

An error occurred during a connection to steampunkjunkies.net. SSL received a record that exceeded the maximum permissible length. (Error code: sslerrorrxrecordtoo_long)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.

…which is insane, as it was working just fine with that configuration! I've trimmed it down to only:

server {
    listen   80;
    server_name www.site.net site.net;

   access_log /srv/www/site.net/logs/access.log;
    error_log /srv/www/site.net/logs/error.log;
    root /srv/www/site.net/www;

}

server {
    listen   443;
    server_name www.site.net site.net;
   access_log /srv/www/site.net/logs/access.log;
    error_log /srv/www/site.net/logs/error.log;
    root /srv/www/site.net/www;
}

..rebooted nginx, and its still not loading anything :S

TIA

Andy

4 Replies

Do you have any errors in your nginx error log that could give some more information on this? Surprised at it not loading even with your simple config there. Is nginx running for sure? You can check with the command "netstat -plantu" to see what services are running (and on what ports) on your system.

Thanks for the reply. I ended up having to do a total revert of the server (to a backup I had made earlier). Not sure why it wouldn't load any more - just refused to show even the most basic stuff. To avoid it happening again, I've now put the dev and live sites onto totally separate linodes. This way, if I'm mucking about on dev and manage to break something, it doesn't bugger up the live site as well :)

Not ideal, as I'm having to pay for 2 individual linodes… but, at the same time its good - as it means I can do a "live" compare of the files (copying the files direct from live, and then comparing the live to dev - to see which files have changed). Hopefully this'll help with going live with new features now :)

Cheers

Andy

Even though it requires two separate servers, typically separating your dev and live environments is a very good way to go about this so you don't cause issues with your production. You could also try to run a virtual environment locally to use as testing and development and try to mirror it as close to your production as possible.

Yeah - thats what I decided in the end as well. Its also quite nice, as I am keeping a duplicated copy of the "live" site on dev, alongside the development files. I then can do a diff on the files in there, to see what is different to the live (so I know what I've got to change on live, i.e templates, javascripts, css files, images etc). Should make porting changes over a lot easier!

Cheers

Andy

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct