Basic Security for Applications with NGINX Balancer

Safeguarding websites and web apps is becoming a crucial internet security concern as organizations use the web for operations and as more and more information is published online every year. Usually, the response is to purchase a large number of preventive instruments. However, it’s a good idea to think about a few basic security measures before committing to any elaborate or costly protection solutions. Simple security precautions are frequently the most successful.

Applications utilizing NGINX as a frontend load balancer can benefit from built-in techniques that come at no additional cost.

The NGINX load balancer server’s primary function is to effectively divide requests among several application server nodes, guaranteeing excellent system availability and dependability. Both HTTP and TCP traffic types are supported by NGINX.

In case you have multiple application server nodes, the setup automatically includes a load-balancing node. In addition, even with a single server, you can manually add a load balancer. Just click the Balancing wizard in the Environment Topology pane above the application server of your choice.

After setting up your environment, follow these instructions to configure the required protection methods:

1. Authentication: Using a password, this technique protects program access.
2. IP Address Deny: This feature prevents users from using particular IP addresses to access the application.

Additionally, we’ll examine how to apply these techniques in tandem. Now let’s get this implemented in your setting. This is how to accomplish it!

Using authentication is a simple yet powerful way to manage who may access your application and stop illegal access. We’ll walk you through setting up password and username protection here.

Step 1. Passwords cannot be kept in plain text for security reasons. Instead, use an internet service like https://www.htpasswdgenerator.net/ or an htpasswd program to produce a hash based on your chosen username and password.

Step 2. Save the character sequence that was created, then go back to the platform dashboard and see your environment listed. To configure the NGINX balancer node, click the Config button.

Step 3. Locate the tools panel in the conf.d folder and click the “New file” button when the Configuration Manager tab opens. You can rename the file whatever you want, but it must have the.htpasswd extension (password.htpasswd, for example).

Step 4. After naming your.htpasswd file as you like, open it, and copy the hash that was produced in the first part of these instructions into the file’s content. You can add more than one account by starting a new line in the file for each additional account.

After you have completed adjusting the parameters, remember to save your modifications.

Step 5. After that, open the nginx-jelastic.conf file from the ngnix folder. Within the initial section of the server code, look for the location block. To activate authentication and apply the required access rules, copy and paste the following lines:

auth_basic "closed site";
auth_basic_user_file /etc/nginx/conf.d/{htpasswd_file};

Change {{htpasswd_file}} to the name of the file containing the hash(es) of the password. The file in question is called `password.htpasswd` in this instance.

Step 6. To apply the modifications, make sure you save your work once more and restart the NGINX balancer node after making these adjustments.

Step 7. After completing these steps, you and any other users will be required to submit authentication credentials to access your application when you try to launch it in a web browser.

Your application will be available as soon as you supply the correct credentials (the ones that were used to create the hash).

IP Address Deny

You can stop requests from that IP address from accessing your application going forward if you see malicious activity coming from that user’s IP address. To put this security measure into effect, follow these steps:

Step 1. To get started, go to your environment’s platform dashboard and select the NGINX balancer node’s Config button.

Step 2. Next, find and select the nginx-Jelastic.conf file from the `conf} folder under the Configuration Manager tab. When it opens, go to the first server code section’s location block and copy and paste the following line:

deny {IP_ADDRESS};

Replace `{IP_ADDRESS}` with the IP address that you want to block from accessing your application.

Step 3. After saving your modifications, use the appropriate buttons or menu items to restart your NGINX node.

Step 4. As a result, if a user with the denied IP address attempts to access your application, they will encounter a “403 Forbidden” error message.

Use the “satisfy” directive to combine authentication methods with IP address restriction. By default, access is granted only if both requirements are satisfied. If at least one requirement is met, setting the “satisfy” directive to “any” permits access. Here’s an illustration of how to set things up:

This implies that if a user’s IP address is in the permitted list, they can access the program without logging in. If a user’s username and password are genuine, they can still access the website even if their IP address is blocked.

You now know some fundamental techniques to safeguard your application by limiting access to reliable users and prohibiting potentially dangerous ones. Without causing any harm, taking the time to improve the security of your application now can save you a great deal of time and money down the road.