
Docker security

Open matteoventuri7 opened this issue 4 years ago • 1 comments

Hi, I have deployed nginx-ui on Docker like the documentation, but I have a problem: if I try to access nginx-ui through the nginx proxy all is OK (basic auth asks me to log in), but if I go directly to port 8080 then I can access nginx-ui, bypassing the nginx proxy. So, this is a summary:

nginx.mysite.com -> asking login (OK!!!)
mysite.com:8080 -> I can access nginx-ui without login.

Any help?

NGINX config:

server {
    listen 80;
    server_name nginx.mysite.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl; 
    server_name nginx.mysite.com; 
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:8080/;
    }

    auth_basic "nginxui secured";
    auth_basic_user_file /etc/apache2/.htpasswd;
}

matteoventuri7, Jul 30 '21 10:07

So, if you expose the nginx only on port 443, it won't be able to use port 8080. If you only use this on the LAN, then auth is almost obsolete.

thijsjek, Nov 27 '21 18:11
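
A check for the situation in this thread, as an added example that is not part of the original posts or of the nginx-ui project: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every port published on a non-loopback address, which is what lets a client reach port 8080 without passing through the proxy's `auth_basic`. It assumes the container was started with a mapping such as `-p 8080:8080` (the thread does not show the command); the container names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: list container ports that Docker publishes on addresses
# other than loopback. Such ports are reachable directly from the network,
# so a reverse proxy in front of them (and its auth_basic) can be skipped.

# Reads "<name>\t<ports>" lines, prints "<name> <publication>" per finding.
public_ports() {
    awk -F '\t' '
    {
        n = split($2, pubs, /, */)
        for (i = 1; i <= n; i++) {
            p = pubs[i]
            if (p !~ /->/) continue              # exposed only, not published
            host = p;    sub(/->.*/, "", host)   # host side, "addr:port"
            addr = host; sub(/:[0-9-]+$/, "", addr)
            # Loopback bindings are reachable only from the Docker host.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
            print $1 " " p
        }
    }'
}

# Constructed sample in the format printed by:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
sample_ps() {
    printf 'nginx-ui\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
    printf 'nginx-ui-local\t127.0.0.1:8080->8080/tcp\n'
    printf 'db\t5432/tcp\n'
}

# On a real host: docker ps --format '{{.Names}}\t{{.Ports}}' | public_ports
sample_ps | public_ports

# Fix for a flagged container: publish on loopback only, so that
# proxy_pass http://127.0.0.1:8080/ keeps working while direct access
# from other machines does not:
#   docker run -p 127.0.0.1:8080:8080 ...
```

An empty result means every published port is bound to loopback; the same restriction can be written in a compose file as `"127.0.0.1:8080:8080"` under `ports`.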