Score:1

Nginx Http Basic Auth Security

So let's say I host something like a netdata dashboard on port 6000.

Then I nginx reverse proxy it to the subdomain netdata.domain.com.

While basic auth is applied at the nginx.conf to allow site-wide protection.

My question is, since my connection to netdata.domain.com is http instead of https, my data is not encrypted. So won't logging in to nginx basic auth under this connection basically expose the password for a MITM attack?

But if I add Cloudflare between the real IP, that gives a layer of proxy and basically adds a lot of difficulty for that to happen, right?

I don't know if my concern is valid.

djdomi
Why would you want to use http instead of https? There is no reason why you can't.
Score:2
My question is, since my connection to netdata.domain.com is http instead of https, my data is not encrypted. So won't logging in to nginx basic auth under this connection basically expose the password for a MITM attack?

Correct. It's sent entirely in cleartext, and anyone in the path may read it trivially.

But if I add Cloudflare between the real IP, that gives a layer of proxy and basically adds a lot of difficulty for that to happen, right?

If you configure CF to require TLS, then the connection between client and CF will be encrypted. Between CF and server it won't be.

It's 2021. Certificates are free, and trivially automatable on all platforms. Do not deploy authentication over HTTP in 2021. Configure it the proper way with TLS on your web server.
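
A sketch of the setup the answer recommends, added here as an example and not part of the original answer: basic auth is defined only inside a TLS server block, and plain HTTP does nothing but redirect. The hostname and port 6000 come from the question; the certificate and htpasswd paths are placeholders, and the dashboard is assumed to listen on 127.0.0.1 only.

```nginx
# Added example: hostname and port 6000 come from the question;
# certificate and htpasswd paths are placeholders (assumptions).

# Plain HTTP: no auth prompt and no proxying here, only a redirect,
# so the browser is never asked for the password over cleartext.
server {
    listen 80;
    server_name netdata.domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name netdata.domain.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS for this host on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Basic auth is only ever evaluated inside the TLS server block.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;             # placeholder path

    location / {
        # Proxy to the dashboard on loopback. It should listen on 127.0.0.1
        # only (assumption) so port 6000 cannot be reached without nginx.
        proxy_pass http://127.0.0.1:6000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` checks the syntax before a reload. With Cloudflare in front, a certificate on the origin is also what allows the Cloudflare-to-server hop to be encrypted.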
