NginX for basic authentication

[IronOxidizer]

Edit: There is very little reason to use this method over Moonfire's built-in authentication. Leaving this up for future reference.

Just wanted to make a note that NginX can be used as a basic authentication measure. I can't speak as to how secure it is, but if you're looking for a stop-gap solution, this seems to work. Do note that live view will not work when using basic authentication, hopefully there's an easy fix.

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

This can also be used in combination with NginX-served TLS certs for authentication over HTTPS. This along with 443 portforward + free afraid_org subdomain + DDNS is what I'm using as my setup.

My nginx conf is as follows:

server {
    server_name my.domain.com;

    auth_basic "restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8080/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = my.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;
    server_name my.domain.com;
    return 404; # managed by Certbot


}

[scottlamb]

Have you tried the cookie-based auth? The issue is still open (#26) because there's some fancier stuff I want to implement, but logging in, logging out, and authenticating with sessions works fine, and I've been using it for a while.

[IronOxidizer]

Ah, didn't realize it was fully functional. Just tested it now and it works great! Also looks like the live view + auth issue was a result of me incorrectly configuring NginX, using your config fixed that.

[scottlamb]

I just updated the first comment on #26 to reflect current status; hopefully it won't mislead anyone else into thinking auth is totally unimplemented then. Are there docs that need fixing, too?