Hello, I can say my installation of ISPConfig 3.2.8 + Ubuntu 20.04 + Nginx is successful. I can also access the web statistics GoAccess of a site. However, Nginx does not provide any authentication protection for viewing GoAccess web statistics. Can anybody provide authentication protection in such case?
Try: https://www.cyberciti.biz/faq/nginx-password-protect-directory-with-nginx-htpasswd-authentication/
Hello Friend, I found that the problem is more complicated because there is already such codes in the default ISPConfig setup for my Nginx: Code: location /stats/ { index index.html index.php; auth_basic "Members Only"; auth_basic_user_file /var/www/clients/client1/web2/web//stats/.htpasswd_stats; add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;"; }
I rarely use them so basically never open goaccess but I will check as all my servers are using nginx.
I think it is the reason but I am not sure because I do not know what the default modules are. There is no Nginx module auth_basic in my Nginx installation (Ubuntu 20.04). Code: nginx -V nginx version: nginx/1.18.0 (Ubuntu) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-7KvRN5/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-echo --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-subs-filter --add-dynamic-module=/build/nginx-7KvRN5/nginx-1.18.0/debian/modules/http-geoip2
I believe you must use apache2-utils as suggested in the said article which has no nginx equivalent. If I remember correctly, there is/are also tutorials in howtoforge addressing this as well.
The Nginx module auth_basic and apache2-utils are two different things. The tools in apache2-utils are needed to create .htpasswd files, that's why this package gets installed by the auto installer and in the perfect server guides. The Nginx module auth_basic is the module in Nginx to provide basic auth, it is available in any Nginx system when you followed any of our guides. So unless you compiled Nginx manually or used a different source, then your Nginx is already able to do basic auth. Is this website the one where you altered the root path? If yes, then this is probably the cause of your issue. Try using the folder protection function in ISPConfig instead to protect your new stats folder.
I don't really need GUI to monitor the same, so no thank you. I hope you get yours working before I get to my workstation.
This site does not require redirect so it is straight forward. I did try to use ISPConfig folder protection feature. Then, there will appear 2 different credential files under the same directory: Code: auth_basic_user_file /var/www/clients/client1/web2/web//stats/.htpasswd_stats; auth_basic_user_file /var/www/clients/client1/web2/web//stats/.htpasswd; which is rejected by Nginx.
Conclusion - ISPConfig Nginx web statistics authentication implementation is faulty. Please correct it at once. Apaches web statistics authentication is correct and working.
