nginx enable authentication on specific port












0














I am trying to protect the URL of my Kibana server with a password.



If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.



Note that both nginx and Kibana run on the same server.



I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.



What am I doing wrong?



here's my /etc/nginx/nginx.conf file:



server {

  listen 192.168.1.2:80;

  server_name 192.168.1.2;

  location / {

    proxy_pass http://192.168.1.2:5601;

    auth_basic "Restricted";

    auth_basic_user_file /etc/nginx/.htpasswd;

  }

}





nginx password-protection







share|improve this question



























    0














    I am trying to protect the URL of my Kibana server with a password.



    If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.



    Note that both nginx and Kibana run on the same server.



    I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.



    What am I doing wrong?



    here's my /etc/nginx/nginx.conf file:



    server {
    
  listen 192.168.1.2:80;
    
  server_name 192.168.1.2;
    
  location / {
    
    proxy_pass http://192.168.1.2:5601;
    
    auth_basic "Restricted";
    
    auth_basic_user_file /etc/nginx/.htpasswd;
    
  }
    
}





    nginx password-protection







    share|improve this question

























      0












      0








      0







      I am trying to protect the URL of my Kibana server with a password.



      If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.



      Note that both nginx and Kibana run on the same server.



      I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.



      What am I doing wrong?



      here's my /etc/nginx/nginx.conf file:



      server {
      
  listen 192.168.1.2:80;
      
  server_name 192.168.1.2;
      
  location / {
      
    proxy_pass http://192.168.1.2:5601;
      
    auth_basic "Restricted";
      
    auth_basic_user_file /etc/nginx/.htpasswd;
      
  }
      
}





      nginx password-protection







      share|improve this question













      I am trying to protect the URL of my Kibana server with a password.



      If I type http://192.168.1.2 in the browser, I am getting prompted for a username/password, but if I query the port 5601 directly via http://192.168.1.2:5601 then I can bypass the nginx proxy auth.



      Note that both nginx and Kibana run on the same server.



      I tried different combinations of "localhost" "0.0.0.0" or "127.0.0.1" as the listening source address but none of them worked. I can still easily bypass the proxy.



      What am I doing wrong?



      here's my /etc/nginx/nginx.conf file:



      server {
      
  listen 192.168.1.2:80;
      
  server_name 192.168.1.2;
      
  location / {
      
    proxy_pass http://192.168.1.2:5601;
      
    auth_basic "Restricted";
      
    auth_basic_user_file /etc/nginx/.htpasswd;
      
  }
      
}





      nginx password-protection




      nginx password-protection






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 15 '18 at 17:45









      BluzBluz

      1,52842127




      1,52842127
























          1 Answer
          1






          active

          oldest

          votes


















          0














          NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:




          1. Place your server behind a firewall such as a router (blocks out all external network requests)

          2. Install a firewall, like UFW, on the server itself.






          share|improve this answer





















          • I don't want to prevent access to the application listening on :5601, I want to add authentication.
            – Bluz
            Nov 16 '18 at 9:46










          • You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
            – Orphamiel
            Nov 16 '18 at 11:08











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53325197%2fnginx-enable-authentication-on-specific-port%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:




          1. Place your server behind a firewall such as a router (blocks out all external network requests)

          2. Install a firewall, like UFW, on the server itself.






          share|improve this answer





















          • I don't want to prevent access to the application listening on :5601, I want to add authentication.
            – Bluz
            Nov 16 '18 at 9:46










          • You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
            – Orphamiel
            Nov 16 '18 at 11:08
















          0














          NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:




          1. Place your server behind a firewall such as a router (blocks out all external network requests)

          2. Install a firewall, like UFW, on the server itself.






          share|improve this answer





















          • I don't want to prevent access to the application listening on :5601, I want to add authentication.
            – Bluz
            Nov 16 '18 at 9:46










          • You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
            – Orphamiel
            Nov 16 '18 at 11:08














          0












          0








          0






          NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:




          1. Place your server behind a firewall such as a router (blocks out all external network requests)

          2. Install a firewall, like UFW, on the server itself.






          share|improve this answer












          NGINX only listens on port 80 and does not prevent access to your application on port 5601. You should instead use a firewall to block access to the port itself. You could:




          1. Place your server behind a firewall such as a router (blocks out all external network requests)

          2. Install a firewall, like UFW, on the server itself.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 15 '18 at 17:59









          OrphamielOrphamiel

          7941021




          7941021












          • I don't want to prevent access to the application listening on :5601, I want to add authentication.
            – Bluz
            Nov 16 '18 at 9:46










          • You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
            – Orphamiel
            Nov 16 '18 at 11:08


















          • I don't want to prevent access to the application listening on :5601, I want to add authentication.
            – Bluz
            Nov 16 '18 at 9:46










          • You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
            – Orphamiel
            Nov 16 '18 at 11:08
















          I don't want to prevent access to the application listening on :5601, I want to add authentication.
          – Bluz
          Nov 16 '18 at 9:46




          I don't want to prevent access to the application listening on :5601, I want to add authentication.
          – Bluz
          Nov 16 '18 at 9:46












          You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
          – Orphamiel
          Nov 16 '18 at 11:08




          You'll have to add authentication on kibana itself then. Here's a diagram of what you currently have: imgur.com/a/ZFS5P0T
          – Orphamiel
          Nov 16 '18 at 11:08


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53325197%2fnginx-enable-authentication-on-specific-port%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Guess what letter conforming each word

          Image
          6 $begingroup$ This is an entry in the Fortnightly Topic Challenge #41: Short and Sweet. 1 letter only could be mean anything . With an additional letter in front , could be used as medicine component and something you definitely learn or at least heard once. Add another letter in front , you would possibly hear that many times . Add an additional letter in front , you would found an independent country . With an additional letter, in the end , you would found something related to apple . Add another letter in the end , you would found something bad . Hint: Each letter is unique . word knowledge letters chemistry share | improve this question ...
          Read more

          Port of Spain

          Image
          For ports in the country of Spain, see List of ports in Spain. City in City of Port of Spain, Trinidad and Tobago Port of Spain City City of Port of Spain Top to bottom (left to right): Skyline of Port of Spain from Gulf of Paria; National Academy for the Performing Arts, Independence Square, Eric Williams Plaza; MovieTowne, Port of Port of Spain Motto(s):  "We Gather Strength As We Go Along" Port of Spain Coordinates: 10°40′N 61°31′W  /  10.667°N 61.517°W  / 10.667; -61.517 Coordinates: 10°40′N 61°31′W  /  10.667°N 61.517°W  / 10.667; -61.517 Country   Trinidad and Tobago Jurisdiction City of Port of Spain Settled 1560 Incorporated (town) 1853 Incorporated (city) 1914 Government  • Mayor Joel Martinez  • Governing body City Corporation Area [1]  • City 12 km 2 (5 sq mi) Elevation [2] 66 m (217 ft) Population (2011) [1]  • City 37,074  • Rank 3rd  • Density 3,090/km 2 (8,000/sq mi)...
          Read more

          Run scheduled task as local user group (not BUILTIN)

          Image
          0 I am trying to run a scheduled task with User Group (not a single user). This is working fine when I in the field "when running a task, use the following user account:" insert BUILTIN User Group (for example: Administrators or Users). But when I try it with the created Local User Group (example: TestGroup) it is not working. The Users in the TestGroup are the same as in the Administrators group. What could be the problem? Are there some restrictions to the Created User Group compared to BUILTINUsers? scheduled-tasks taskscheduler windowstaskschedule share | improve this question asked Nov 15 '18 at 15:36 Far...
          Read more