Ubuntu 20.04
Sponsored Link

Nginx : Basic Auth + PAM
2020/10/14
 
Configure Nginx to use OS users on Basic authentication.
[1]
Username and password are sent with plain text on Basic Authentication, so Use secure connection with SSL/TLS setting, refer to here.
[2] Install packages which includes [mod-http-auth-pam] module.
root@www:~#
apt -y install nginx-extras
[3] Configure Basic authentication + PAM.
For example, set Basic Authentication to the directory [/var/www/html/auth-pam].
root@www:~#
vi /etc/nginx/sites-available/default
# add settings into [server] section in a virtualhost you'd like to set

server {
       listen       443 ssl http2 default_server;
       listen       [::]:443 ssl http2 default_server;
       server_name  www.srv.world;
       root         /var/www/html;

       ssl_certificate "/etc/letsencrypt/live/www.srv.world/fullchain.pem";
       ssl_certificate_key "/etc/letsencrypt/live/www.srv.world/privkey.pem";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;

       index index.html
       include /etc/nginx/default.d/*.conf;

       location / {
              try_files $uri $uri/ =404;
       }

       location /auth-pam {
           auth_pam "PAM Authentication";
           auth_pam_service_name "nginx";
       }
.....
.....

root@www:~#
vi /etc/pam.d/nginx
# create new

auth       include      common-auth
account    include      common-account

# add to a group that nginx can read shadow

root@www:~#
usermod -G shadow www-data

root@www:~#
systemctl restart nginx

# create a test page

root@www:~#
mkdir /var/www/html/auth-pam

root@www:~#
vi /var/www/html/auth-pam/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for PAM Auth
</div>
</body>
</html>
[4] Access to the test page from any client computer with web browser. Then authentication is required as settings, answer with any OS user.
[5] That's OK if authentication is successfully passed and test page is displayed normally.
Matched Content