Resources for Developers

Secure your app with HTTP Basic Auth

Introduction

Our PHP deployment stack uses Nginx and PHP-FPM to serve your application's requests. If you want to set up basic auth in front of your app, or in front of a part of it, there are two ways to do it.

Either you configure the authentication so that it is applied before the request reaches your PHP code, or you implement it in your application. Here is an example of the latter with Symfony2.

This article shows how to configure HTTP basic auth independently from your application.

Configuration

Nginx configuration

Create a directory config in your project:

mkdir config

Edit the file nginx-basic-auth.conf in this directory with the following content:

For the complete website:

auth_basic           "Protected Site";
auth_basic_user_file "/app/config/htpasswd";

For part of a website, here everything under /wp-admin:

location ~ /wp-admin {
  auth_basic           "Protected Site";
  auth_basic_user_file "/app/config/htpasswd";
}

Create the config/htpasswd file, which holds the user/hashed password pairs, using the following command:

htpasswd -c config/htpasswd username

# Then a prompt will ask for the password

That’s it: with those two files, Nginx will be able to ask for basic auth. The last thing you need to do is instruct Scalingo’s deployment process to use your configuration file.

Deployment process configuration

This process requires you to edit the composer.json file of your project. Edit the file as follows:

{
  ...
  "extra": {
    "paas": {
      "nginx-includes": ["config/nginx-basic-auth.conf"]
    }
  }
}

If you are not using Composer, create a composer.json file with the previous content, and also create a composer.lock file containing an empty JSON dictionary {}.

Tip: You can find more information about extra configuration in the PHP support page.

Redeploy your app

git add config/nginx-basic-auth.conf config/htpasswd composer.json
git commit -m "setup basic auth"
git push scalingo master

That’s it: basic auth will now be requested when connecting to the website.
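Since config/htpasswd is committed and pushed with the application, the hash scheme of each entry matters if the repository is ever exposed. The script below is an added example, not part of the original page or of Scalingo's tooling: its hypothetical functions classify_hash and audit_htpasswd report the scheme of each entry and flag empty, {PLAIN}, {SHA} (unsalted SHA-1), traditional DES crypt and unrecognised values. That set of flagged schemes is this example's assumption, and the sample entries are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the hash scheme of every entry in an htpasswd file.

# Print a scheme name for one password field (the text after "user:").
classify_hash() {
  case "$1" in
    '')                      echo empty ;;
    '{PLAIN}'*)              echo plaintext ;;
    '{SHA}'*)                echo unsalted-sha1 ;;
    '{SSHA}'*)               echo salted-sha1 ;;
    '$apr1$'*)               echo apr1-md5 ;;
    '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
    '$5$'*)                  echo sha256-crypt ;;
    '$6$'*)                  echo sha512-crypt ;;
    ?????????????)           echo des-crypt ;;   # 13 chars: traditional crypt()
    *)                       echo unknown ;;
  esac
}

# Print "user scheme verdict" per entry; return 1 if any entry is flagged.
audit_htpasswd() {
  flagged=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
    user=${line%%:*}
    hash=${line#*:}
    [ "$user" = "$line" ] && hash=''            # no colon: no password field
    hash=${hash%%:*}                            # drop optional ":comment"
    scheme=$(classify_hash "$hash")
    case "$scheme" in
      empty|plaintext|unsalted-sha1|des-crypt|unknown) verdict=FLAG; flagged=1 ;;
      *) verdict=ok ;;
    esac
    printf '%s %s %s\n' "$user" "$scheme" "$verdict"
  done < "$1"
  return "$flagged"
}

# Constructed sample entries (placeholders, not real hashes or credentials).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample file
alice:$apr1$CONSTRUCT$0000000000000000000000
bob:{SHA}CONSTRUCTEDPLACEHOLDER0000=
carol:{PLAIN}example:staging only
EOF
audit_htpasswd "$sample" || echo "flagged entries found" >&2
```

To check the real file before committing it, call `audit_htpasswd config/htpasswd`; a non-zero exit status means at least one entry was flagged.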

