Nginx : Basic Authentication + PAM2023/07/04 |
|
Configure Nginx to use OS users on Basic authentication.
|
|
| [1] |
Username and password are sent with plain text on Basic Authentication,
so Use secure connection with SSL/TLS setting, refer to here. |
| [2] | Install packages which includes [mod-http-auth-pam] module. |
|
root@www:~# apt -y install nginx-extras
|
| [3] | Configure Basic authentication + PAM. For example, set Basic Authentication to the directory [/var/www/html/auth-pam]. |
|
root@www:~#
vi /etc/nginx/sites-available/default # add settings into [server] section in a virtualhost you'd like to set
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.srv.world;
root /var/www/html;
ssl_certificate "/etc/letsencrypt/live/www.srv.world/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/www.srv.world/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
index index.html
include /etc/nginx/default.d/*.conf;
location / {
try_files $uri $uri/ =404;
}
location /auth-pam {
auth_pam "PAM Authentication";
auth_pam_service_name "nginx";
}
.....
.....
root@www:~#
vi /etc/pam.d/nginx # create new auth include common-auth account include common-account
root@www:~#
systemctl reload nginx # create a test page root@www:~# mkdir /var/www/html/auth-pam root@www:~# vi /var/www/html/auth-pam/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Test Page for PAM Auth </div> </body> </html> |
| [4] | Access to the test page from any client computer with web browser. Then authentication is required as settings, answer with any OS user. |
|
| [5] | That's OK if authentication is successfully passed and test page is displayed normally. |
|
Matched Content