Nginx Server For Hosting Files Ubuntu 22.04: Difference between revisions

From CompleteNoobs
Jump to navigation Jump to search
(Created page with "==Spin up a Server == Using <b>Vultr</b> i am going to deploy a <b>Ubuntu 20.04</b> Server.<br \> $5 a month, 1 cpu, 1024MB ram, 25GB ssd, 1000GB Bandwidth.<br \> I have been given the IP:<b>192.248.155.201</b> <br \> ===DNS=== make a <b>A RECORD</b> for subdomain server IP address<br> {| class="wikitable" |+ Dns |- |Type |Host |Ip address |TTL |- |A record |xml |192.248.155.201 |auto |- |} ==Enable Basic FireWall== <code>ufw allow 22/tcp</code><br> <code>ufw allow 44...")
 
Line 487: Line 487:
==Transfer Files to Sharing Directory==
==Transfer Files to Sharing Directory==
===scp===
===scp===
Check [[Basic_SCP_Examples|Basic_SCP_Examples]] for more examples:<br>
Check [[SCP_Examples|Basic_SCP_Examples]] for more examples:<br>
To send direct from MediaWiki server (Example file 'xmlDump-03-03-2023')<br>
To send direct from MediaWiki server (Example file 'xmlDump-03-03-2023')<br>
Will be prompted to enter password:<br>
Will be prompted to enter password:<br>

Revision as of 21:58, 2 April 2023

Spin up a Server

Using Vultr i am going to deploy a Ubuntu 20.04 Server.
$5 a month, 1 cpu, 1024MB ram, 25GB ssd, 1000GB Bandwidth.
I have been given the IP:192.248.155.201

DNS

make a A RECORD for subdomain server IP address

Dns
Type Host Ip address TTL
A record xml 192.248.155.201 auto

Enable Basic FireWall

ufw allow 22/tcp
ufw allow 443/tcp
ufw allow 80/tcp

ufw enable

Auto update Setup for server

$EDITOR /etc/apt/apt.conf.d/50unattended-upgrades
And change the lines:

//      "${distro_id}:${distro_codename}-updates";

To: 

      "${distro_id}:${distro_codename}-updates";



// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

// Do automatic removal of newly unused dependencies after the upgrade
//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if
//  the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "false";

// Automatically reboot even if there are users currently logged in
// when Unattended-Upgrade::Automatic-Reboot is set to true
//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Changed to

// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

// Do automatic removal of newly unused dependencies after the upgrade
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if
//  the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// Automatically reboot even if there are users currently logged in
// when Unattended-Upgrade::Automatic-Reboot is set to true
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "04:00";

Install NGINX

apt install nginx -y

You should now be able to see the Welcome to nginx! site on your subdomain (or just use server ip address).
Only http will work as we have not yet setup are https

LetsEncrypt

snap install certbot --classic
certbot --nginx -d xml.completenoobs.com
You should now be able to view the Welcome to nginx! page with https

Setup NGINX

The nginx default site should look like this:
cat /etc/nginx/sites-available/default

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
    server_name xml.completenoobs.com; # managed by Certbot


	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xml.completenoobs.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xml.completenoobs.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = xml.completenoobs.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;
    server_name xml.completenoobs.com;
    return 404; # managed by Certbot


}

CertBot did the work for us :) Good Bot.
We just need to add one line autoindex on;in the location { } $EDITOR /etc/nginx/sites-available/default

/etc/nginx/sites-available/default After appending autoindex on;: 

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
    server_name xml.completenoobs.com; # managed by Certbot


	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
		# To allow browsing of directory
		autoindex on;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xml.completenoobs.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xml.completenoobs.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = xml.completenoobs.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;
    server_name xml.completenoobs.com;
    return 404; # managed by Certbot


}

Hosting XML files for easy Downloading

we are going to delete the default index page and create another.
rm /var/www/html/index.nginx-debian.html
$EDITOR /var/www/html/index.html
Insert:

<!DOCTYPE html>
<html>
<head>
<title>CompleteNoobs-XML_Dumps</title>
</head>
<body>
<h1>
<a href="xmlDumps/">Click here for are latest XML Dumps</a>.</p>
</h1>

</body>
</html>


Create a Directory to place are dumps
mkdir /var/www/html/xmlDumps
This is the directory we will place are dumps for sharing and easy downloads.
chown -R www-data:www-data /var/www/html/xmlDumps
systemctl restart nginx

now create a test file with some content and test.
$EDITOR /var/www/html/xmlDumps/test.txt
Check you can see/read on web browser.
This is the directory where we will send are mediawiki dumps.

Transfer Files to Sharing Directory

scp

Check Basic_SCP_Examples for more examples:
To send direct from MediaWiki server (Example file 'xmlDump-03-03-2023')
Will be prompted to enter password:
scp /path/to/xmlDump-03-03-2023 root@xml.completenoobs.com:/var/www/html/xmlDumps/

sshfs

Can be useful if you are transferring a large number of files from your computer to server and want to use the GUI file explorer.

NOTE:replace $USER with your user account (Example: mine is 'ubunix' so i will replace '$USER' with 'ubunix')
Install sshfs on your computer
sudo apt install sshfs
Create a Directory you are going to mount remote server directory to:
mkdir /home/$USER/ServerMount

sudo sshfs -o allow_other,default_permissions root@xml.completenoobs.com:/var/www/html/xmlDumps/ /home/$USER/ServerMount/
To umount use:
sudo umount /home/$USER/ServerMount

Require Username and Password to view website/files (Optional - Placed here for educational reasons)

apt install apache2-utils
In your /etc/nginx/sites-available/default
Append the lines(see before and after files to see where):

auth_basic "Hello Please Login";
auth_basic_user_file /etc/nginx/.htpasswd;

/etc/nginx/sites-available/default: Before

  2. You should look at the following URL's in order to grasp a solid understanding
  3. of Nginx configuration files in order to fully unleash the power of Nginx.
  4. https://www.nginx.com/resources/wiki/start/
  5. https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
  6. https://wiki.debian.org/Nginx/DirectoryStructure
  8. In most cases, administrators will remove this file from sites-enabled/ and
  9. leave it as reference inside of sites-available where it will continue to be
  10. updated by the nginx packaging team.
  12. This file will automatically load configuration files provided by other
  13. applications, such as Drupal or Wordpress. These applications will be made
  14. available underneath a path with that package name, such as /drupal8.
  16. Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
  1. Default server configuration

server { listen 80 default_server; listen [::]:80 default_server;

# SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html;

server_name _;

location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; }

# pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }


  1. Virtual Host configuration for example.com
  3. You can move that to a different file under sites-available/ and symlink that
  4. to sites-enabled/ to enable it.
  6. server {
  7. listen 80;
  8. listen [::]:80;
  10. server_name example.com;
  12. root /var/www/example.com;
  13. index index.html;
  15. location / {
  16. try_files $uri $uri/ =404;
  17. }
  18. }

server {

# SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; 

   server_name xml.completenoobs.com; # managed by Certbot


location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; }

# pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} 


   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/xml.completenoobs.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/xml.completenoobs.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

} server { 

   if ($host = xml.completenoobs.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


listen 80 ; listen [::]:80 ; 

   server_name xml.completenoobs.com;
   return 404; # managed by Certbot


}

/etc/nginx/sites-available/default: After

  2. You should look at the following URL's in order to grasp a solid understanding
  3. of Nginx configuration files in order to fully unleash the power of Nginx.
  4. https://www.nginx.com/resources/wiki/start/
  5. https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
  6. https://wiki.debian.org/Nginx/DirectoryStructure
  8. In most cases, administrators will remove this file from sites-enabled/ and
  9. leave it as reference inside of sites-available where it will continue to be
  10. updated by the nginx packaging team.
  12. This file will automatically load configuration files provided by other
  13. applications, such as Drupal or Wordpress. These applications will be made
  14. available underneath a path with that package name, such as /drupal8.
  16. Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
  1. Default server configuration

server { listen 80 default_server; listen [::]:80 default_server;

# SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html;

server_name _;

location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; }

# pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }


  1. Virtual Host configuration for example.com
  3. You can move that to a different file under sites-available/ and symlink that
  4. to sites-enabled/ to enable it.
  6. server {
  7. listen 80;
  8. listen [::]:80;
  10. server_name example.com;
  12. root /var/www/example.com;
  13. index index.html;
  15. location / {
  16. try_files $uri $uri/ =404;
  17. }
  18. }

server {

# SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; 

   server_name xml.completenoobs.com; # managed by Certbot


location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; # To allow browsing of directory autoindex on; auth_basic "Hello Please Login"; auth_basic_user_file /etc/nginx/.htpasswd; }

# pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} 


   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/xml.completenoobs.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/xml.completenoobs.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

} server { 

   if ($host = xml.completenoobs.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


listen 80 ; listen [::]:80 ; 

   server_name xml.completenoobs.com;
   return 404; # managed by Certbot


}

Create a login Username and Password to view your website

Add user; change user1 to username of your choice; you will be prompted for password.
htpasswd -c /etc/nginx/.htpasswd user1

The -c flag is only needed the first time to create the file /etc/nginx/.htpasswd

Add second user; the same method is used to add has many users has you want.
htpasswd /etc/nginx/.htpasswd user2
To update or change passwd for user, repeat command with username of account you wish to change; enter new password.
htpasswd /etc/nginx/.htpasswd user1
Restart Nginx:
systemctl restart nginx
And try site.

Fail2Ban to Block IP's Which Enter Incorrect Username and/or Password

Install Fail2Ban:
apt install fail2ban

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
$EDITOR /etc/fail2ban/jail.local
Note: Can append to the very bottom of the page.

# Reject Connections that failed username password
_action_tcp_udp = %(banaction)s[name=%(__name__)s-tcp, protocol="tcp", port="%(port)s", blocktype="REJECT --reject-with tcp-reset", chain="%(chain)s", actname=%(banaction)s-tcp]
    %(banaction)s[name=%(__name__)s-udp, protocol="udp", port="%(port)s", blocktype="REJECT --reject-with icmp-port-unreachable", chain="%(chain)s", actname=%(banaction)s-udp]


actionx = %(_action_tcp_udp)s

[nginx-cup]
#the name in brackets above is what you use for status
#   fail2ban-client status nginx-cup
enabled = true
filter = nginx-correct-up
port = http,https
logpath = /var/log/nginx/error.log
findtime = 3m
bantime = 3m
maxretry = 3
#ignoreip = <your-ipaddress>
#Note: Can find your ipaddress using `curl ifconfig.me` or visit `whatismyip.com`


$EDITOR /etc/fail2ban/filter.d/nginx-correct-up.conf

[Definition]
failregex = client:\s<HOST>
ignoreregex =

Check Fail2Ban for errors

fail2ban-client -d

restart nginx and fail2ban so updated setting can take effect

systemctl restart fail2ban.service
systemctl restart nginx.service
And test.

Remove need for username and password

Comment out (or delete) the following lines from your nginx config file:
$EDITOR /etc/nginx/sites-available/default

auth_basic "Hello Please Login";
auth_basic_user_file /etc/nginx/.htpasswd;


Can comment out lines by placing a '#' in front.

#auth_basic "Hello Please Login";
#auth_basic_user_file /etc/nginx/.htpasswd;


Restart Nginx:
systemctl restart nginx

Retrieved from "http:///noobs/index.php?title=Nginx_Server_For_Hosting_Files_Ubuntu_22.04&oldid=278"