KeePass2 is an application that allows you to store, manage, and generate strong passwords for your websites and applications, securely and easily.

In a previous guide, we discussed how to use kpcli to interact with KeePass database files on a remote server. In this guide, we will set up the server to provide secure access to our database file with nginx. We will then show you how to connect to and use this remote database file with a local installation of KeePass2. This will let you keep your passwords in a secure location while still allowing you to access the database from any of your devices.

Install Nginx

As a prerequisite to this tutorial, we assume that you have completed the previous guide and have a KeePass2 database file on your remote server.

Now, we need to configure a web server to provide secure access to our file. Install the web server by typing:

    sudo apt-get update

This will download and install the web server.

We will be securing our communication with the server by using SSL. This will encrypt our data during transfer so that outside parties cannot read our password information.

To begin, create a directory under the nginx configuration hierarchy that can be used to store our SSL files:

    sudo mkdir /etc/nginx/ssl

Now, we can generate a self-signed SSL certificate by typing:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

This will ask you a series of questions about your site. The most important question is the one that reads Common Name. This is asking for the domain name or IP address of your server.

When you are finished, you will have two files called nginx.key and nginx.crt in your /etc/nginx/ssl directory.

We now have SSL certificates to encrypt our communications to our server. However, we also need to implement a mechanism for authenticating ourselves to the server. We do not want to allow just anyone to access our passwords database.

The easiest way to do this is actually to install a set of tools called apache2-utils. We can get the package from the repositories:

    sudo apt-get install apache2-utils

This will install the htpasswd tool, which can be used to create secure password files that our web server can read and understand.

We can generate the password file by specifying a file location and a user account to create:

    sudo htpasswd -c /etc/nginx/htpasswd demo_user

This will create a file called htpasswd in the /etc/nginx directory, with an entry for a user called demo_user. The user account can be anything you’d like. It does not have to be a user that exists as a system account.

We will be serving a file called password_database.kdbx. We will assume that this file is in your home directory.

In order for our web server to correctly access the file and be able to read and write content, we need to create a proper web directory to store the file.

In our home directory (as a regular user), make a new directory for your password database:

    mkdir ~/secure_html

Now, move the database file into that directory:

    mv ~/password_database.kdbx ~/secure_html

Now, we need to give the user and group that nginx operates under ownership of the directory:

    sudo chown www-data:www-data ~/secure_html

We also want to make all of the additional files that will be created under this directory accessible to the web user. We can do this by setting the setgid bit on our directory:

    sudo chmod 2770 ~/secure_html

Now, we need to add our system user to the www-data group so that we can access the directory that we just secured.

Note: At this point, you should log out and log back in so that the system will recognize your new group membership.

We should also give group ownership to our web server for everything already in this directory:

    sudo chown :www-data ~/secure_html/*

Our directories and files should now be configured correctly.

- The web server is the user and group owner of the directory.
- The web server is the group owner of all files.
- The web server will be given group ownership of new files created in the directory.

We can now set up our nginx configuration to serve this directory.

Now, we’re ready to create our Nginx configuration. We will be modifying the default server block file. Open it in your text editor with root privileges:

    sudo nano /etc/nginx/sites-available/default

Inside, we will create two server blocks. You can delete the other contents or comment them out.

We absolutely want to require SSL for our data transfer, so the first block will tell nginx to redirect regular HTTP traffic to HTTPS.

    listen :80 default_server ipv6only=on
    access_log off
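The two server blocks described above (an HTTP-to-HTTPS redirect, then TLS plus password-protected access to the database directory), written out as an added example; this is not the original guide's configuration. The server name `example.com`, the home directory `/home/demo_user`, the upload size limit, and the WebDAV write directives (which assume the KeePass2 client saves over HTTP with PUT/DELETE/MOVE) are assumptions.

```nginx
# Added example for /etc/nginx/sites-available/default.
# Assumed values: example.com, /home/demo_user, 10m upload limit.

# Block 1: plain HTTP does nothing except redirect to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    access_log off;
    server_name example.com;

    # Redirect to the configured name rather than the client-supplied
    # Host header, so the redirect target cannot be influenced by the request.
    return 301 https://$server_name$request_uri;
}

# Block 2: TLS with the self-signed certificate, basic auth on everything.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1; drop it on older builds.
    ssl_protocols       TLSv1.2 TLSv1.3;

    root /home/demo_user/secure_html;

    location / {
        # Credentials come from the file created with htpasswd.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;

        # Assumption: the client writes the database back with WebDAV methods.
        # Requires ngx_http_dav_module in the installed nginx build.
        dav_methods PUT DELETE MOVE;
        # New files stay group-writable, matching the setgid www-data directory.
        dav_access  user:rw group:rw;

        # Assumed limit; the nginx default of 1m rejects larger databases.
        client_max_body_size 10m;
        # Never list the directory contents.
        autoindex off;
    }
}
```

Check the file with `sudo nginx -t` before reloading. The www-data user also needs execute (traverse) permission on every parent directory of `secure_html`, or requests fail with 403.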