Restricted Access to the website with http basic authentication for additional security layer
##############
#For Nginx Server
##############
#Restricted Acccess to the website
#Creating login Username and Password
#SSH access to site folder or root and follow below command line
to create first user >> sudo htpasswd -c /etc/apache2/.htpasswd user1
to create more user >> sudo htpasswd /etc/apache2/.htpasswd user2
Then,
#Add the following code in Nginx server block
auth_basic "Restricted Area";
auth_basic_user_file /etc/apache2/.htpasswd;
#End - Restricted Access to view the website
check nginx block >> sudo nginx -t
restart nginx >> sudo systemctl nginx restart
###############
#For Apache Server
###############
#Creating login Username and Password
#SSH access to site folder and follow below command line
[sitefolder]:public_html$ sudo htpasswd -c .htpasswd name-of-user
New password:
Re-type new password:
Adding password for user name-of-user
[sitefolder]:public_html$
#End creating User and Password
Then,
#Add in the following code in .htaccess for Restricted Access
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /public_html/.htpasswd
require user dbadmin
#End Restricted Access
Wednesday, December 4, 2019
Friday, November 29, 2019
How to Redirect Subdomain to another Domain in Nginx
#Add server block as bellow to redirect yourolddomin.com to yournewdomain.com
#Redirect subdomain "mail.yourdomain.com" to subfolder "yourdomain.com/mail"
server {
listen 80;
server_name yourolddomain.com;
return 301 $scheme://yournewdomain.com$request_uri;
}
#To redirect folder to subdomain
#If want to redirect permanently, change "redirect" to "permanent"
rewrite ^/images/(.*)$ http://images.example.com/$1 redirect;
#Redirect subdomain "mail.yourdomain.com" to subfolder "yourdomain.com/mail"
server {
listen 80;
server_name yourolddomain.com;
return 301 $scheme://yournewdomain.com$request_uri;
}
#To redirect folder to subdomain
#If want to redirect permanently, change "redirect" to "permanent"
rewrite ^/images/(.*)$ http://images.example.com/$1 redirect;
Tuesday, February 19, 2019
Nginx Server Block
server {
listen 80;
# Allow IP
# allow 111.11.11.111; #IP address
# Block all
# deny all;
# added with Expires map
expires $expires;
# disable any unwanted HTTP methods
if ($request_method !~ ^(GET|HEAD|POST)$)
{
return 444;
}
# enable compression
gzip on;
gzip_comp_level 9;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# text/html is always compressed by gzip module
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 7d;
#add_header Cache-control "public, no-transform";
add_header ETag "";
}
# enable compression
# added for stronger on Let's Encrypt SSL
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# to increased upload file size
client_max_body_size 128m;
# for cookies
large_client_header_buffers 4 16k;
root /var/www/html/yourdomain.com;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name domian.com www.domain.com;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# to increased upload file size
fastcgi_param PHP_VALUE "upload_max_filesize=128M \n post_max_size=128M";
}
# XSS Protection
add_header X-XSS-Protection "1; mode=block" always;
# to disable content-type sniffing on some browsers
add_header X-Content-Type-Options nosniff always;
# config to enable HSTS(HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
# for security
add_header X-Frame-Options SAMEORIGIN;
# access log off
access_log off;
log_not_found off;
error_log /var/log/nginx-error.log warn;
}
listen 80;
# Allow IP
# allow 111.11.11.111; #IP address
# Block all
# deny all;
# added with Expires map
expires $expires;
# disable any unwanted HTTP methods
if ($request_method !~ ^(GET|HEAD|POST)$)
{
return 444;
}
# enable compression
gzip on;
gzip_comp_level 9;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# text/html is always compressed by gzip module
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 7d;
#add_header Cache-control "public, no-transform";
add_header ETag "";
}
# enable compression
# added for stronger on Let's Encrypt SSL
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# to increased upload file size
client_max_body_size 128m;
# for cookies
large_client_header_buffers 4 16k;
root /var/www/html/yourdomain.com;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name domian.com www.domain.com;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# to increased upload file size
fastcgi_param PHP_VALUE "upload_max_filesize=128M \n post_max_size=128M";
}
# XSS Protection
add_header X-XSS-Protection "1; mode=block" always;
# to disable content-type sniffing on some browsers
add_header X-Content-Type-Options nosniff always;
# config to enable HSTS(HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
# for security
add_header X-Frame-Options SAMEORIGIN;
# access log off
access_log off;
log_not_found off;
error_log /var/log/nginx-error.log warn;
}
Subscribe to:
Posts (Atom)