nginx enable authentication on specific port
I am trying to protect the URL of my Kibana server with a password.
If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.
Note that both nginx and Kibana run on the same server.
I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.
What am I doing wrong?
here's my /etc/nginx/nginx.conf file:
server {
listen 192.168.1.2:80;
server_name 192.168.1.2;
location / {
proxy_pass http://192.168.1.2:5601;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
nginx password-protection
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
add a comment |
I am trying to protect the URL of my Kibana server with a password.
If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.
Note that both nginx and Kibana run on the same server.
I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.
What am I doing wrong?
here's my /etc/nginx/nginx.conf file:
server {
listen 192.168.1.2:80;
server_name 192.168.1.2;
location / {
proxy_pass http://192.168.1.2:5601;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
nginx password-protection
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
add a comment |
I am trying to protect the URL of my Kibana server with a password.
If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.
Note that both nginx and Kibana run on the same server.
I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.
What am I doing wrong?
here's my /etc/nginx/nginx.conf file:
server {
listen 192.168.1.2:80;
server_name 192.168.1.2;
location / {
proxy_pass http://192.168.1.2:5601;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
nginx password-protection
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
I am trying to protect the URL of my Kibana server with a password.
If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.
Note that both nginx and Kibana run on the same server.
I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.
What am I doing wrong?
here's my /etc/nginx/nginx.conf file:
server {
listen 192.168.1.2:80;
server_name 192.168.1.2;
location / {
proxy_pass http://192.168.1.2:5601;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
nginx password-protection
nginx password-protection
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
asked Nov 15 '18 at 17:45
BluzBluz
1,52842127
1,52842127
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:
- Place your server behind a firewall such as a router (blocks out all external network requests)
- Install a firewall, like UFW, on the server itself.
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53325197%2fnginx-enable-authentication-on-specific-port%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:
- Place your server behind a firewall such as a router (blocks out all external network requests)
- Install a firewall, like UFW, on the server itself.
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
add a comment |
NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:
- Place your server behind a firewall such as a router (blocks out all external network requests)
- Install a firewall, like UFW, on the server itself.
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
add a comment |
NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:
- Place your server behind a firewall such as a router (blocks out all external network requests)
- Install a firewall, like UFW, on the server itself.
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:
- Place your server behind a firewall such as a router (blocks out all external network requests)
- Install a firewall, like UFW, on the server itself.
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
answered Nov 15 '18 at 17:59
OrphamielOrphamiel
7941021
7941021
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
add a comment |
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
I don't want to prevent access to the application listening on :5601, I want to add authentication.
– Bluz
Nov 16 '18 at 9:46
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
– Orphamiel
Nov 16 '18 at 11:08
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53325197%2fnginx-enable-authentication-on-specific-port%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
