Page 1 of 1

Password protected?

Posted: Mon Oct 26, 2015 12:45 pm
by Stigern
Is there a way to make the server more secure?
Password/username login?

Re: Password protected?

Posted: Mon Oct 26, 2015 8:03 pm
by stefangsbb
I have actually chosen not to include any security/login features in the application, because it is quite difficult to make sure it is really secure. It is possible to use for example apache httpd in front of the application to add login for access.

Re: Password protected?

Posted: Tue Oct 27, 2015 5:53 am
by Stigern
Ok, I'm sorry but could you explain a littlebit more how? :?:

Re: Password protected?

Posted: Tue Oct 27, 2015 8:41 am
by mara
Here is how I did password protection and reverse proxy to opennethome jetty with nginx:

- install nginx:
sudo apt-get install nginx
sudo /etc/init.d/nginx start

- add http authentication (https://www.digitalocean.com/community/ ... untu-12-10):
sudo apt-get install apache2-utils
- create user "example" and set password
sudo htpasswd -c /etc/nginx/.htpasswd example

- edit nginx conf
sudo emacs /etc/nginx/sites-available/default
- add these lines after "server {..."
auth_basic "Restricted"; #For Basic Auth
auth_basic_user_file /etc/nginx/.htpasswd; #For Basic Auth

- reload your nginx and check that your password protection is working at http://yourhost:80:
sudo /etc/init.d/nginx reload

- Jetty proxy (http://stackoverflow.com/questions/2073 ... y-to-jetty)
sudo emacs /etc/nginx/sites-available/default
- change "location / {" section to this:
location / {
proxy_pass http://127.0.0.1:8020;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}

Please note that this adds password protection to nginx port 80 only. You can still access jetty server from port 8020.

And this is just a basic setup. Adding more security to nginx is another story :)

Re: Password protected?

Posted: Fri Oct 30, 2015 10:54 am
by stefangsbb
Stigern wrote:Ok, I'm sorry but could you explain a littlebit more how? :?:
Sorry, I guess that explanation was kind of compressed. What I meant was that it is possible to use a standard WEB-Server (like apache httpd or nginx) and configure that to use authentication and configure it to pass the requests on to OpenNetHome. You would for example open up port 80 in your router, and configure nginx to listen to that port and use authentication, and then pass on the traffic to port 8020 where OpenNetHome is listening.

All this does however require quite some knowledge in web server configuration. In Linux, installing the web servers is quite easy, in Windows it is a bit more work, but not much. Look at mara:s excellent description to see how it is done for nginx on Linux.

Re: Password protected?

Posted: Fri Oct 30, 2015 10:56 am
by stefangsbb
Thanks a lot mara for this excellent guide on how to set up password protection!

Re: Password protected?

Posted: Fri Oct 30, 2015 7:02 pm
by Stigern
Thanks! :D

Re: Password protected?

Posted: Wed Dec 20, 2017 9:46 pm
by obiwan
Works great, thanks!

Now on to add HTTPS :)

Re: Password protected?

Posted: Mon Jan 01, 2018 5:53 pm
by Dm86
Can I use another port than 80? I have an public web page on another raspberry pi so I would like to use 85 (or something) to do port forward to the RPI with NetHomeServer. Can I still use the script above to add password protection or do I need to do some modifications?