Page:
Restrict upload using NGINX
Pages
API
Configuration
Development
Docker
Encryption format
FAQ
Home
IIS Configuration (Required)
Installation on Red Hat with SELinux
Installation
Other installation methods
PrivateBin Instances Directory
Release Checklist
Restrict upload using NGINX
Templates
Third party clients
Threat Model
Translation
Upgrading from ZeroBin 0.19 Alpha
No results
5
Restrict upload using NGINX
Dan Langille edited this page 2019-12-23 14:24:49 -05:00
Table of Contents
Background
This is a neat and effective way to restrict paste uploading using NGINX without breaking anything and without modifying PrivateBin.
Approach
An authentication page is created using NGINX, which, if provided with the correct credentials, will set a cookie with a secret key. All POST requests to the server are restricted using NGINX and only allowed if this secret key is provided. This allows viewing pastes by anyone but not uploading.
Setup
- Create your credentials file at:
/etc/nginx/.htpasswd. You can use the htpasswd tool, tutorial here - Use the following NGINX configuration, make sure you replace
server_nameand configure HTTPS:
server {
server_name paste.example.com;
# update this path
root /usr/local/www/privatebin;
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location ~ ^/(data|cfg|tmp) {
deny all;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location / {
limit_except GET HEAD {
auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/.htpasswd;
}
try_files $uri $uri/ /index.php;
}
# this should be whatever you use with PHP
# check your php-fpm.conf files for the correct fastcgi_pass value
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /usr/local/etc/nginx/fastcgi_params;
}
}