Allowing apps to work with services using Organizr server auth

When using server authenication to reach theese services you will have trouble using apps like nzb360/Plexpy Remote ect. But by adding an extra block or line in you nginx config you can get around that!

Basic auth

You can use http auth (.htaccess) and embed the username and password into the URL. e.g. So for that to work with nzb360 you need to add in IP/Host Address and /service in Server Port for Service

Note: This will not work if you use Server Authentication on your main server block /auth-admin /auth_user)

Create your .htpasswd file and add it to the block. This will protect /service with an extra layer of security.

Use this command to create a .htpasswd file. Just drop the docker part if you don't use that.

docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd YOUR-USER-NAME

Use the include syntax and create a basicauth.conf that you include in the block.

include /config/nginx/basicauth.conf;

basicauth.conf contents

auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;

If you choose to put the .htaccess in your root folder you can block access to it with this:

location ~ /\. { 
    return 404; 
Here are some example blocks with and without basic auth.



    location /plexpy/api {
            #auth_request /auth-user;
            #if ($cookie_cookiePassword != "PASSWORD") { return 401; }
            include /config/nginx/proxy.conf;
            proxy_bind $server_addr;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Ssl     on;        


# SABNZBD redirect
    location /sabnzbd {
        return 301 /sabnzbd/;
    location ^~ /sabnzbd/ {
        include /config/nginx/basicauth.conf;
        include /config/nginx/proxy.conf;
        proxy_set_header Host $host;

Plexpy Remote and nzb360 Settings


By using subdomains you can have your cake and eat it too! Now you can have server authentication on your sub directories and http auth on your subdomain.

server {
        listen 80;
        listen 443 ssl http2;

    location / {
        proxy_pass http://IP:PORT;
        #Don't add base URL to the proxy_pass
        include /config/nginx/proxy.conf;
        include /config/nginx/basicauth.conf;

By using basic auth on you apps there is nothing stopping people from trying to brute force their way in. But by implementing Fail2ban, you can give the user or intruder x amount of retries before getting banned! Read more here


Next Post Previous Post

Blog Comments powered by Disqus.