Additional security for aMember admin login in Nginx

Discussion in 'Setting-up protection' started by frybread, Jan 13, 2017.

  1. frybread

    frybread aMember Pro Customer

    Joined:
    Jul 14, 2008
    Messages:
    43
    I like to put admin logins for everything behind HTTP Authentication (htpasswd in apache).

    In apache, it's easy:

    Code:
    <Location ~ "/amember/admin.*">
    AuthName "Admin Protection"
    AuthType Basic
    AuthUserFile /home/frybread/secret/.htpasswd
    AuthGroupFile /dev/null
    require valid-user
    </Location>
    In Nginx, it's not so easy. I've tried:

    Code:
         location = /amember/admin {
            auth_basic "Admin Protection";
            auth_basic_user_file /home/frybread/secret/.htpasswd;
            }
    And get a 404 after completing that password. Any know how to make this work in Nginx?
  2. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    1,686
    Hello,

    I am afraid it is not easy task to do. Your Apache code is not correct as well. Please take into account that aMember
    can have the following admin urls that is not matched by your regular expression
    /amember/cart/admin.*
    /amember/helpdesk/admin.*
    /amember/aff/admin.*
    etc.

    Do you know aMember support 2 factor authentication (for both admin and user side)? May be it can solve your case. aMember supports 2FA with either https://www.authy.com/ or https://duo.com/
  3. paul_taylor

    paul_taylor aMember Pro Customer

    Joined:
    Aug 29, 2006
    Messages:
    7
    Hi

    How do I get amember to work with 2FA. Searching on authy.com and duo.com I see no mention of amember. In other applications, I use my authy app to scan a barcode. So I presume I need to find a way for amember to generate a barcode - but how?

    thanks

    Paul
  4. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    1,686

Share This Page