Allowing apps to work with services using Organizr server auth

When using server authenication to reach theese services you will have trouble using apps like nzb360/Plexpy Remote ect. But by adding an extra block or line in you nginx config you can get around that!

Basic auth

You can use http auth (.htaccess) and embed the username and password into the URL. e.g. https://username:password@domain.com/url So for that to work with nzb360 you need to add username:password@domain.com in IP/Host Address and /service in Server Port for Service

Note: This will not work if you use Server Authentication on your main server block /auth-admin /auth_user)

Create your .htpasswd file and add it to the block. This will protect /service with an extra layer of security.

Use this command to create a .htpasswd file. Just drop the docker part if you don't use that.

docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd YOUR-USER-NAME

Use the include syntax and create a basicauth.conf that you include in the block.

include /config/nginx/basicauth.conf;

basicauth.conf contents

auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;

If you choose to put the .htaccess in your root folder you can block access to it with this:

location ~ /\. { 
    return 404; 
}
Here are some example blocks with and without basic auth.

Nginx

PlexPy

# PLEXPY ALLOW API FOR MOBILE APP
    location /plexpy/api {
            #auth_request /auth-user;
            #if ($cookie_cookiePassword != "PASSWORD") { return 401; }
            proxy_pass http://192.168.1.34:8181/plexpy/api;
            include /config/nginx/proxy.conf;
            proxy_bind $server_addr;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Ssl     on;        
    }

Sabnzbd

# SABNZBD redirect
    location /sabnzbd {
        return 301 /sabnzbd/;
    }
# SABNZBD
    location ^~ /sabnzbd/ {
        include /config/nginx/basicauth.conf;
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.34:8383/sabnzbd/;
        proxy_set_header Host $host;
    }

Plexpy Remote and nzb360 Settings


Subdomains

By using subdomains you can have your cake and eat it too! Now you can have server authentication on your sub directories and http auth on your subdomain.

server {
    server_name  service.domain.com;
        listen 80;
        listen 443 ssl http2;

    location / {
        proxy_pass http://IP:PORT;
        #Don't add base URL to the proxy_pass
        include /config/nginx/proxy.conf;
        include /config/nginx/basicauth.conf;
    }   
}

By using basic auth on you apps there is nothing stopping people from trying to brute force their way in. But by implementing Fail2ban, you can give the user or intruder x amount of retries before getting banned! Read more here

W.

Next Post Previous Post

Blog Comments powered by Disqus.