nativeInstallermattermost

Password-protect access to an application with NGINX

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "installdir/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

To configure NGINX to request a username and password when accessing your application, follow these steps:

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with your application name, desired username and desired password respectively.

    $ sudo apt-get update
    $ sudo apt-get install apache2-utils
    $ sudo htpasswd -cb installdir/nginx/users USERNAME PASSWORD
    
  • Edit the application configuration file NGINX and add a location block as shown below:

    NOTE: Depending on your installation type, the NGINX configuration file for your application is located in the following paths:

    • Approach A (Bitnami installations using system packages): installdir/nginx/conf/server_blocks/APPNAME-server-block.conf and installdir/nginx/conf/server_blocks/APPNAME-https-server-block.conf
    • Approach B (Self-contained Bitnami installations): installdir/apps/APPNAME/conf/nginx-app.conf
    location / {
        auth_basic "Restricted Area";
        auth_basic_user_file installdir/nginx/users;
    }
    

    NOTE: If you don’t wish to protect the entire application, but only a sub-URL, create a new location block as shown above only for the sub-URL you wish to protect.

  • Restart the NGINX server:

    $ sudo installdir/ctlscript.sh restart nginx
    

When accessing the application, you will see an authentication popup window. Enter the username and password defined in the first step:

To change the password later, run the htpasswd utility without the -c switch:

$ sudo htpasswd installdir/users USERNAME
Last modification June 9, 2020