Create Basic Auth file

Create a htpasswd file under your N|Solid directory being served by nginx. The following command will create the file and also add the user and an encrypted password to it.

rm ./conf/nginx/htpasswd
htpasswd -cb ./conf/nginx/htpasswd {username} {password}

Configuring Nginx as a Reverse Proxy for N|Solid Console

What is a Reverse Proxy Server

A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

Reverse Proxy Server for Security and Anonymity

By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.

The proxy_pass Directive

To pass a request to an HTTP proxied server, the proxy_pass directive is specified inside a location.

nsolid-nginx.conf :

upstream console {
  server console:80;
}

location / {
    proxy_pass http://console;
  }

Adding Auth and Using proxy_pass for N|Solid Console with nsolid-nginx.conf

Your nginx configuration file should be under /etc/nginx/.

Add the entries below for the domain path that you want to secure.

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;
    proxy_pass http://console;

The second line is the location of the htpasswd file.

nsolid-nginx.conf :

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;

    add_header X-Cache-Status $upstream_cache_status;

    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://console;
  }

Reload Nginx

To reflect the changes on N|Solid Console, reload the Nginx configuration and try to access the domain that has been secured using Basic Authentication.

$ sudo /etc/init.d/nginx reload
* Reloading nginx configuration...

Now try to access N|Solid Console or the domain path that you have secured and you will notice a browser prompt that asks you to enter the login and password. Enter the details that you used while creating the htpasswd file. The prompt does not allow you to access until you have entered the right credentials. If you want to check a full example of this working, check out our N|Solid Kubernetes example: https://github.com/nodesource/nsolid-kubernetes/