Security Configurations for NGINX

In this guide, we’ll walk you through configuring additional security measures for your PHP application running on an NGINX application server.

You can implement the following security configurations:

  1. Authentication
  2. Access Criteria Setup

Security Through Authentication

To implement authentication security measures, follow these steps:

Step 1. Generate a hash from your password using any htpasswd tool.
Step 2. Create a plain text file containing the generated user:hash line; the configuration below expects it to be named .htpasswd.
Step 3. Click the “Config” button for your server.
Step 4. Upload the created file to the /var/www/webroot/ROOT directory.

(Screenshot: Upload File)

In the /etc/nginx directory, open the nginx.conf file and update the directory configurations as follows:

Step 1. For authentication across the entire application, modify the location configurations by adding the following lines:


auth_basic "Restricted area";
auth_basic_user_file /var/www/webroot/ROOT/.htpasswd;

(Screenshot: Modify the Location)

Step 2. For authentication in a specific directory, add the following location block, specifying the path to the desired directory:


location ~ /directory_path {
    auth_basic "Restricted";
    auth_basic_user_file /var/www/webroot/ROOT/.htpasswd;
}

Step 3. Save the changes and restart NGINX.

As a result, when accessing the application or the protected directory, users will be prompted to authenticate.
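As an added example that is not part of the original guide, the following Python script builds and checks an entry for the .htpasswd file that auth_basic_user_file points at. It uses the salted SHA-1 "{SSHA}" password format, which nginx accepts alongside crypt() and apr1 hashes, because it needs nothing beyond the standard library; an apr1 or bcrypt hash produced by a real htpasswd tool remains the stronger choice for production. The user name and password in the sample are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Added example (not from the original guide): create and verify an
# nginx-compatible .htpasswd entry. The "{SSHA}" format is
# base64(sha1(password + salt) + salt), which is what nginx recomputes
# when it checks a Basic-auth login against auth_basic_user_file.


def make_ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return "{SSHA}" + base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = secrets.token_bytes(8)          # fresh random salt per entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("only {SSHA} hashes are handled by this example")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digests are 20 bytes long
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def htpasswd_line(user: str, password: str) -> str:
    """One line of the file: user:hash (a colon separates the two fields)."""
    if ":" in user:
        raise ValueError("user names must not contain ':'")
    return f"{user}:{make_ssha_hash(password)}"


def parse_htpasswd(text: str) -> Dict[str, str]:
    """Map user -> hash, skipping blank lines and '#' comments."""
    users: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, hashed = line.partition(":")
        users[user] = hashed
    return users


def authenticate(htpasswd_text: str, user: str, password: str) -> bool:
    """True only if the user exists and the password matches its stored hash."""
    stored = parse_htpasswd(htpasswd_text).get(user)
    if stored is None:
        return False
    return verify_ssha(password, stored)


def demo() -> Tuple[bool, bool, bool]:
    # Constructed sample file with one user; the password is made up.
    htpasswd_text = (
        "# users for the restricted area\n"
        + htpasswd_line("admin", "s3cret-example") + "\n"
    )
    return (
        authenticate(htpasswd_text, "admin", "s3cret-example"),   # True
        authenticate(htpasswd_text, "admin", "wrong"),            # False
        authenticate(htpasswd_text, "nobody", "s3cret-example"),  # False
    )


if __name__ == "__main__":
    print(htpasswd_line("admin", "s3cret-example"))
    print(demo())
```

Running the script prints one line suitable for the .htpasswd file and then the three check results. Because the salt is random, each run yields a different hash for the same password, which is expected and does not affect verification.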

Security Through Access Criteria

To enhance security, you can set up criteria such as allowing or denying access based on the client IP address. This is achieved with the allow and deny directives in the nginx.conf file located in the /etc/nginx directory. Below are the steps to configure access restrictions:

Step 1. Deny access to the whole application: Modify the location configurations using the following directives:


deny xx.xx.xx.x;
allow xx.xx.xx.x;
deny all;

(Screenshot: Deny access)

These directives deny access from the first listed IP address (xx.xx.xx.x), allow access from the second, and deny access from all other addresses. NGINX applies the first rule that matches the client address, so deny all must come last or the allow line is never reached.

By implementing these criteria, you can effectively control access to your application based on IP addresses.

(Screenshot: Controlled access on Application)

Deny Access to a Specific Directory

To restrict access to a specific directory, add the following location block to your nginx.conf file, specifying the path to the directory you wish to protect:


location /directory_path {
    deny 192.xx.xx.100;
    allow 203.xx.xx.10;
    deny all;
}

In this example:

  • Requests from the IP address 192.xx.xx.100 will be denied access.
  • Requests from the IP address 203.xx.xx.10 will be allowed access.
  • All other requests will be denied access.

As a result, clients with any IP address other than the allowed one receive a 403 Forbidden error when they request the protected directory. Replace /directory_path with the actual path to the directory you wish to secure.

(Screenshot: 403 Forbidden)

Note: Denying access by IP makes sense only if you use the Public IP feature. IP-based access restrictions and password-based authentication can be implemented simultaneously; the satisfy directive determines how the two restrictions interact. More information can be found here.
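The allow/deny snippets above and the note on the satisfy directive are easy to get subtly wrong, so here is an added example (written for this page, not taken from the guide or from NGINX itself) that models how NGINX's access module evaluates a rule list, so a location body can be checked before it is deployed. It assumes the documented NGINX behaviour: rules are tested in the order written, the first rule whose address matches decides, a client that matches no rule is allowed, satisfy all requires both the IP check and auth_basic to pass, and satisfy any grants access when either does. The sample addresses come from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 and stand in for the guide's xx placeholders.

```python
import ipaddress
from typing import List, Tuple

# Added example (not from the original guide): a small model of the
# allow/deny evaluation performed by NGINX's access module, plus the
# effect of "satisfy all" versus "satisfy any" when auth_basic is also
# configured for the same location.

Rule = Tuple[str, str]   # ("allow" | "deny", "all" | address | CIDR)


def parse_rules(location_body: str) -> List[Rule]:
    """Extract allow/deny directives from an nginx location body, in order."""
    rules: List[Rule] = []
    for raw in location_body.splitlines():
        for statement in raw.split("#", 1)[0].split(";"):   # drop comments
            parts = statement.split()
            if len(parts) == 2 and parts[0] in ("allow", "deny"):
                rules.append((parts[0], parts[1]))
    return rules


def _matches(pattern: str, client_ip: str) -> bool:
    if pattern == "all":
        return True
    # A bare address becomes a /32 (or /128) network; a mismatched IP version never matches.
    network = ipaddress.ip_network(pattern, strict=False)
    return ipaddress.ip_address(client_ip) in network


def ip_allowed(rules: List[Rule], client_ip: str) -> bool:
    """Apply the first matching rule; with no match the access module allows."""
    for action, pattern in rules:
        if _matches(pattern, client_ip):
            return action == "allow"
    return True


def access_decision(rules: List[Rule], client_ip: str, auth_ok: bool,
                    satisfy: str = "all") -> int:
    """HTTP status (200, 401 or 403) for a location using both IP rules and auth_basic."""
    ip_ok = ip_allowed(rules, client_ip)
    if satisfy == "all":
        if not ip_ok:
            return 403          # the access module rejects before auth_basic runs
        return 200 if auth_ok else 401
    if satisfy == "any":
        if ip_ok or auth_ok:
            return 200          # one passing module is enough
        return 401              # neither passed; the client sees the auth challenge
    raise ValueError("satisfy must be 'all' or 'any'")


# Constructed sample: the guide's directory block with documentation addresses.
DIRECTORY_RULES = parse_rules("""
location /directory_path {
    deny 192.0.2.100;
    allow 203.0.113.10;
    deny all;
}
""")

# The same rules with "deny all" first: the allow line can never be reached.
MISORDERED_RULES = parse_rules("deny all; allow 203.0.113.10;")


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.100", "198.51.100.7"):
        print(ip, "allowed" if ip_allowed(DIRECTORY_RULES, ip) else "denied",
              "| misordered:", "allowed" if ip_allowed(MISORDERED_RULES, ip) else "denied")
    for satisfy in ("all", "any"):
        for ip, auth_ok in (("203.0.113.10", False), ("198.51.100.7", True), ("198.51.100.7", False)):
            print(f"satisfy {satisfy}: {ip} auth_ok={auth_ok} ->",
                  access_decision(DIRECTORY_RULES, ip, auth_ok, satisfy))
```

The misordered list shows why the guide places deny all last: once a rule matches, later rules are ignored, so a leading deny all locks everyone out. The satisfy rows show the practical difference between the two modes: with satisfy all a denied address gets 403 regardless of credentials, while with satisfy any a denied address can still get in with a valid password and an allowed address is never prompted.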