Protecting virtual hosts and directories
You can block access to any virtual host using the normal Nginx syntax in your ___general/example.com.conf file:
satisfy any;
allow x.x.x.x;
auth_basic "Login";
auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;
deny all;
You should put the .htpasswd file in the ___general directory.
After changing the nginx configuration, you'll need to reload nginx to activate the changes. To do this, run:
/etc/init.d/nginx reload
Directive | Purpose |
---|---|
satisfy any | Authentication succeeds on either username/password or IP address. It can be changed to satisfy all to require both IP address and username/password |
allow x.x.x.x; | Where x.x.x.x is an IP address/subnet. You can repeat this line as many times as desired to permit access by IP |
Adding users
As we use Nginx on MageStack, the Apache htpasswd utility is not installed. However, as it uses a standard crypt format, you can generate entries from the command line.
The following command will add a user user with the password password to the .htpasswd file (assuming your current working directory is ___general).
printf "user:$(openssl passwd -1 password)\n" >> .htpasswd
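The same entry format, generated without putting the password on the command line, as an added example that is not part of the original page. The hypothetical helpers htpasswd_set and htpasswd_check read the password from stdin, replace an existing entry for the user instead of appending a duplicate, and verify a password against the stored $1$ hash. It assumes openssl, awk and mktemp are available.

```shell
#!/bin/sh
# Added example (not from the original page): manage .htpasswd entries in the
# MD5-crypt format that `openssl passwd -1` produces.
# Function names are hypothetical.

# Usage: printf '%s\n' "$password" | htpasswd_set <file> <user>
htpasswd_set() {
    file=$1 user=$2
    # Allow only characters that cannot break the "user:hash" line format.
    case $user in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # Password comes from stdin, so it is not in argv or shell history.
    IFS= read -r password || [ -n "$password" ] || return 1
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    hash=$(printf '%s\n' "$password" | openssl passwd -1 -stdin) || return 1
    tmp=$(mktemp) || return 1
    # Keep other users' lines; drop any previous entry for this user.
    if [ -f "$file" ]; then
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Usage: printf '%s\n' "$password" | htpasswd_check <file> <user>
# Returns 0 when the password matches the stored hash.
htpasswd_check() {
    file=$1 user=$2
    IFS= read -r password || [ -n "$password" ] || return 1
    stored=$(awk -F: -v u="$user" '$1 == u { print substr($0, length(u) + 2); exit }' "$file")
    [ -n "$stored" ] || return 1
    # Layout is $1$<salt>$<digest>; split on "$" and the salt is field 3.
    salt=$(printf '%s\n' "$stored" | cut -d'$' -f3)
    computed=$(printf '%s\n' "$password" | openssl passwd -1 -salt "$salt" -stdin) || return 1
    [ "$computed" = "$stored" ]
}
```

Run it from the ___general directory, for example with the password piped in from a prompt or a password manager.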
Subdomains
If you want to protect a subdomain, then the best solution is to add the subdomain as a new virtualhost (rather than using a dynamic subdomain). Then you can configure the ___general/example.com.conf file to suit.
Subdirectories
To protect a subdirectory, repeat a similar process to the above; you merely need to define the appropriate location that it refers to.
E.g. to protect /secret:
location ~* ^/(index.php/)?secret {
    satisfy any;
    allow x.x.x.x;
    auth_basic "Login";
    auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;
    deny all;
    location ~* \.(php)$ {
        include fastcgi_params;
    }
    try_files $uri $uri/ /secret/index.php @bootstrap;
}
and then reload nginx by running:
/etc/init.d/nginx reload
Directive | Purpose |
---|---|
fastcgi_params | This ensures that PHP files are processed and not downloaded by the browser |
try_files | This is required to process any static files or to redirect to a specific file if the URL doesn't exist |
@bootstrap | This is a last resort for requests and redirects all requests to the Magento bootstrap, i.e. /index.php |