LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-15-2019, 08:38 AM   #1
yash1990
LQ Newbie
 
Registered: Apr 2018
Posts: 27

Rep: Reputation: Disabled
Nginx Authentication


Hi All,

Recently installed ELK on my server. Now I needed to set up an authentication, to access the dashboard link. Upto some level I have succeeded, but not fully. Authentication works if I access the link with hostname or IP : www.test.com or 10.10.10.10.

But as soon as I access the same link with port 5601, authentication does not work on it. It just loads the dashboard without authenticating.
Example : 10.10.10.10:5601 or www.test.com:5601

Below is the content of nginx.conf file :

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

include /etc/nginx/conf.d/*.conf;
}

=======================

Below is the content of authentication file :

upstream app {
server 10.10.10.10:5601;
keepalive 64;
}

server {
listen 80;
server_name www.test.com;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;

location / {
proxy_pass http://app;
}
}

=========================
 
Old 05-15-2019, 09:05 AM   #2
sevendogsbsd
Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 840

Rep: Reputation: Disabled
I've never done authentication on nginx but it looks like you have it configured for port 80 only. Do you just need to add another authentication entry for port 5601? Also, not using HTTPS means the username and password are sent in the clear - if this is internal only or in a lab, that's probably fine but if going out over the Internet, I would implement HTTPS.
 
Old 05-15-2019, 10:27 AM   #3
yash1990
LQ Newbie
 
Registered: Apr 2018
Posts: 27

Original Poster
Rep: Reputation: Disabled
I am going to access this application in private network, so SSL is not important. After having configured nginx, I am getting same contents for below links :
www.test.com:5601
www.test.com

I'm getting authentication pop-up for www.test.com, but not for www.test.com:5601
 
Old 05-15-2019, 10:30 AM   #4
sevendogsbsd
Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 840

Rep: Reputation: Disabled
Quote:
Originally Posted by yash1990 View Post
I am going to access this application in private network, so SSL is not important. After having configured nginx, I am getting same contents for below links :
www.test.com:5601
www.test.com

I'm getting authentication pop-up for www.test.com, but not for www.test.com:5601
Understood, but what I was suggesting was something like this, but I am not sure this is how you do this in nginx as I have not configured authentication in it before:

Code:
server {
listen 5601;
server_name www.test.com;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
 
Old 05-15-2019, 10:56 AM   #5
yash1990
LQ Newbie
 
Registered: Apr 2018
Posts: 27

Original Poster
Rep: Reputation: Disabled
Not working. Below is the error that I get upon nginx service restart

May 15 11:53:13 test.com polkitd[5867]: Registered Authentication Agent for unix-process:11576:89549281 (system bus name :1.570 [/usr/bin/pkttyagent --notify-fd 5
May 15 11:53:13 test.com systemd[1]: Starting nginx - high performance web server...
-- Subject: Unit nginx.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman.../systemd-devel
--
-- Unit nginx.service has begun starting up.
May 15 11:53:13 test.com nginx[11582]: nginx: [emerg] bind() to 0.0.0.0:5601 failed (98: Address already in use)
May 15 11:53:14 test.com nginx[11582]: nginx: [emerg] bind() to 0.0.0.0:5601 failed (98: Address already in use)
May 15 11:53:14 test.com nginx[11582]: nginx: [emerg] bind() to 0.0.0.0:5601 failed (98: Address already in use)
May 15 11:53:15 test.com nginx[11582]: nginx: [emerg] bind() to 0.0.0.0:5601 failed (98: Address already in use)
May 15 11:53:15 test.com nginx[11582]: nginx: [emerg] bind() to 0.0.0.0:5601 failed (98: Address already in use)
May 15 11:53:16 test.com nginx[11582]: nginx: [emerg] still could not bind()
May 15 11:53:16 test.com systemd[1]: nginx.service: control process exited, code=exited status=1
May 15 11:53:16 test.com systemd[1]: Failed to start nginx - high performance web server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman.../systemd-devel
--
-- Unit nginx.service has failed.
--
-- The result is failed.
May 15 11:53:16 test.com systemd[1]: Unit nginx.service entered failed state.
May 15 11:53:16 test.com systemd[1]: nginx.service failed.
May 15 11:53:16 test.com polkitd[5867]: Unregistered Authentication Agent for unix-process:11576:89549281 (system bus name :1.570, object path /org/freedesktop/Po
 
Old 05-15-2019, 11:00 AM   #6
sevendogsbsd
Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 840

Rep: Reputation: Disabled
So where is the entry for port 5601 configured? If the dashboard is available on 5601, all I am saying is you need to configure that port for authentication.
 
Old 05-15-2019, 12:29 PM   #7
yash1990
LQ Newbie
 
Registered: Apr 2018
Posts: 27

Original Poster
Rep: Reputation: Disabled
You can find entry of 5601 in config file:

upstream app {
server 10.10.10.10:5601;
keepalive 64;
}

server {
listen 80;
server_name www.test.com;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;

location / {
proxy_pass http://app;
}
}
 
Old 05-15-2019, 12:42 PM   #8
sevendogsbsd
Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 840

Rep: Reputation: Disabled
Quick search resulted in this, might be helpful: https://stackoverflow.com/questions/...tion-in-kibana
 
Old 05-17-2019, 06:14 AM   #9
tyler2016
Member
 
Registered: Sep 2018
Distribution: Debian, CentOS, FreeBSD
Posts: 183

Rep: Reputation: Disabled
I'm taking a shot in the dark here since I use HAProxy for my front ending needs. What happens when you replace:

Code:
location / {
proxy_pass http://app;
}
with:

Code:
location / {
proxy_pass http://app;

auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
}
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nginx/1.4.1 '/etc/nginx/sites-available/default' missing Jalalabee Linux - Newbie 0 06-05-2013 07:44 AM
nginx + php-fpm and nginx modules fantasygoat Linux - Server 0 06-09-2011 12:21 PM
LXer: Nginx+Varnish compared to Nginx LXer Syndicated Linux News 0 04-27-2011 02:30 PM
Nginx experts help me-problem when using Nginx php-fpm !!! HuMan-BiEnG Linux - Server 2 04-17-2011 02:30 PM
NGINX with PHP-FPM vis NGINX with Spawn-FCGI WhisperiN Linux - Server 1 03-15-2011 06:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration