Nginx Basic Authentication with Source IP Whitelisting

Quick post on how to setup HTTP Basic Authentication and whitelist IP Based Sources to not get prompted for Authentication.

This could be useful for systems interacting with Nginx, so that they don't have to provide authentication.

Dependencies:

Install nginx and the package required to create the auth file:

$ apt install nginx apache2-utils -y

Create the Password file:

$ htpasswd -c /etc/ngins/secrets admin

Configuration:

Create the site config:

$ rm -rf /etc/nginx/conf.d/*.conf
$ vim /etc/nginx/conf.d/default.conf

server {
    listen       80;
    server_name  localhost;

    location / {
        satisfy any;
        allow 127.0.0.1;
        deny all;

        auth_basic "restricted";
        auth_basic_user_file /etc/nginx/secrets;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Reload the Changes:

$ nginx -s reload

Testing:

Testing from our Whitelisted location (localhost):

curl -i http://127.0.0.1
HTTP/1.1 200 OK

Testing from remote location:

$ curl -i http://localhost
HTTP/1.1 401 Unauthorized

$ curl -i http://admin:password@localhost
HTTP/1.1 200 OK

Nginx Basic Authentication with Source IP Whitelisting

Dependencies:

Configuration:

Testing:

Comments

Read Next

How to Ingest Nginx Access Logs to Elasticsearch using Filebeat and Logstash

How to Ingest Nginx Access Logs to Elasticsearch using Filebeat and Logstash

Dependencies:

Configuration:

Testing:

Comments

Subscribe to Sysadmins

Read Next

Tags