In this post, I will explain the process of password protecting an NGINX website.

# add a username
sudo sh -c "echo -n 'santosh:' >> /etc/nginx/.blog.mypad.in.htpasswd"

# add a hashed password (openssl prompts for it; -apr1 selects the Apache MD5-based hash format)
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.blog.mypad.in.htpasswd"

# verify the file
cat /etc/nginx/.blog.mypad.in.htpasswd

Configure Nginx to use the basic password authentication

Add authentication to nginx config (~/Dropbox/pandora/My-Projects/repos/mypad_ghost/system/files/blog.mypad.in-ssl.conf)

A teething issue I faced was getting the admin panel working, as mentioned here and here.

The trick was to turn auth_basic off for the Ghost admin section. I intend to use that section only for creating content and hence that is acceptable for my use case.

The final nginx file blog.mypad.in-ssl.conf is:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name blog.mypad.in;
    root /home/ghost/Dropbox/pandora/My-Projects/repos/mypad_ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/blog.mypad.in/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/blog.mypad.in/blog.mypad.in.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location /ghost/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        auth_basic off;
    }

    location /comments {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Script-Name /comments;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3939;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.blog.mypad.in.htpasswd;
    }



    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
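To check which paths the password prompt actually covers, here is an added example (not part of the original post) that reports the basic-auth state of each location block. It assumes location blocks contain no nested blocks and that no '#' appears inside quoted strings; SAMPLE_CONF is constructed from the config above, trimmed to the directives that affect authentication.

```python
import re

# Constructed sample: the config above, reduced to its auth-relevant directives.
SAMPLE_CONF = """
server {
    server_name blog.mypad.in;
    location /ghost/ {
        auth_basic off;
    }
    location /comments {
        proxy_pass http://localhost:3939;
    }
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.blog.mypad.in.htpasswd;
    }
    location ~ /.well-known {
        allow all;
    }
}
"""

LOCATION_RE = re.compile(r"\blocation\s+([^{]+?)\s*\{([^{}]*)\}")
REALM_RE = re.compile(r"^\s*auth_basic\s+(.+?)\s*;", re.M)
FILE_RE = re.compile(r"^\s*auth_basic_user_file\s+(\S+?)\s*;", re.M)

def _value(regex, text, default=None):
    m = regex.search(text)
    return m.group(1).strip("\"'") if m else default

def audit_auth(conf):
    """Return {location: 'protected' | 'off' | 'unset' | 'no user file'}."""
    conf = re.sub(r"#.*", "", conf)        # drop comments
    outer = LOCATION_RE.sub("", conf)      # server-level directives only
    srv_realm, srv_file = _value(REALM_RE, outer, "off"), _value(FILE_RE, outer)
    report = {}
    for path, body in LOCATION_RE.findall(conf):
        own = _value(REALM_RE, body)       # None when the block sets nothing
        realm = srv_realm if own is None else own  # inherit from server level
        if realm == "off":
            report[path] = "off" if own == "off" else "unset"
        elif _value(FILE_RE, body, srv_file) is None:
            report[path] = "no user file"
        else:
            report[path] = "protected"
    return report

if __name__ == "__main__":
    for path, state in audit_auth(SAMPLE_CONF).items():
        print(f"{state:13} {path}")
```

On the sample, /comments and ~ /.well-known come back as unset: no auth_basic is in scope for them, so nginx serves those paths without asking for a password.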

For adding posts, I directly access the website using /ghost which is anyway password protected!

I'd like to host this blog on AWS S3 next to achieve high scalability as explained in the next post.

Restart nginx

sudo service nginx restart

Resources