You've successfully subscribed to MyPad Blog
Great! Next, complete checkout for full access to MyPad Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Password Protect a Ghost website served by NGINX

Santosh Srinivas
Santosh Srinivas
Password Protect a Ghost website served by NGINX

In this post, I will explain the process of password protecting an NGINX website.

# add a username
sudo sh -c "echo -n 'santosh:' >> /etc/nginx/.blog.mypad.in.htpasswd"

# add an encrypted password
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.blog.mypad.in.htpasswd"

# verify the file
cat /etc/nginx/.blog.mypad.in.htpasswd

Configure Nginx to use the basic password authentication

Add authentication to nginx config (~/Dropbox/pandora/My-Projects/repos/mypad_ghost/system/files/blog.mypad.in-ssl.conf)

A teething issue I faced is to get the admin panel working as mentioned here and here

The trick was to turn basic_auth off for this ghost admin section. I intend to use that section only for creating content and hence that is acceptable for my usecase.

The final nginx file blog.mypad.in-ssl.conf is:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name blog.mypad.in;
    root /home/ghost/Dropbox/pandora/My-Projects/repos/mypad_ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/blog.mypad.in/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/blog.mypad.in/blog.mypad.in.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location /ghost/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        auth_basic off;
    }

    location /comments {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Script-Name /comments;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3939;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.blog.mypad.in.htpasswd;
    }



    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

For adding posts, I directly access the website using /ghost which is anyway password protected!

I'd like to host this blog on AWS S3 next to achieve high scalability as explained in the next post.

Restart nginx

sudo service nginx restart

Resources

ghostsecurityawsperformancescalability

You might also like

Daily Coding - Data transfer between Python and R
Members Public

Daily Coding - Data transfer between Python and R
Daily Coding - Write data from an AWS Lambda call to sqlite3
Members Public

Daily Coding - Write data from an AWS Lambda call to sqlite3