Ad Widget

Collapse

Nginx error Hiding top passwords list

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • markfree
    Senior Member
    • Apr 2019
    • 868
    #1

    Nginx error Hiding top passwords list

    According to "best practices" documentation, I tried to hide the common passwords list.
    So, I've added at the end of Nginx configuration file the following directive:
    Code:
    location = /data/top_passwords.txt {
    deny all;
    return 404;
}
    When I try to restart Nginx it gives me an error.
    Code:
    $ sudo nginx -t
nginx: [emerg] unexpected "}" in /etc/nginx/conf.d/zabbix.conf:76
nginx: configuration file /etc/nginx/nginx.conf test failed
    That error points to the end of the configuration file:
    Code:
    70     }
71
72     location = /data/top_passwords.txt {
73         deny all;
74         return 404;
75     }​​​​
76 }
    I'm sure there's no missing braces, but still, it fails at that "}".

    Any idea of what's going on?
    Tags: configuration, frontend, https, nginx, password
    • vladimir_lv
      Senior Member
      • May 2022
      • 240
      #2
      Did you install the Apache2-utils package on your server? It will not install the Apache webserver on our system, but it allows us to use the htpasswd utility to create and manage password files on your server.

        Comment

        • cyber
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Dec 2006
          • 4806
          #3
          Originally posted by vladimir_lv
          Did you install the Apache2-utils package on your server? It will not install the Apache webserver on our system, but it allows us to use the htpasswd utility to create and manage password files on your server.
          Now, why would he need that? He needs to deny access to specific file, not "manage" any passwords.

          Maybe you still count your {}-s?

            Comment

            • vladimir_lv
              #3.1
              vladimir_lv commented
              30-06-2022, 10:18
              Editing a comment
              Jepp, you are right. The location has to be opened and closed in curly braces and then another curly brace for the server's end
            • markfree
              Senior Member
              • Apr 2019
              • 868
              #4
              cyber
              Maybe you still count your {}-s?
              I'm not sure what you mean by that.

              My /etc/nginx/conf.d/zabbix.conf configuration file is as follow and I can't see any issue with it. I only added the location = /data/top_passwords.txt directive.
              Code:
              server {
listen 80;
server_name _;

root /usr/share/zabbix;

index index.php;

location /basic_status {
stub_status;
access_log off;
allow 127.0.0.1; #only allow requests from localhost
allow 172.17.204.99; #only allow requests from localhost
allow 172.17.204.84; # Allow requests from Zabbix Server 1
allow 172.30.83.51; # Allow requests from Zabbix server 2
deny all; [HASHTAG="t481"]deny[/HASHTAG] all other hosts
}

location = /favicon.ico {
log_not_found off;
}

location / {
try_files $uri $uri/ =404;
}

location /assets {
access_log off;
expires 10d;
}

location ~ /\.ht {
deny all;
}

location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}

location /vendor {
deny all;
return 404;
}

location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/run/php-fpm/zabbix.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;

fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;

include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}

location = /data/top_passwords.txt {
deny all;
return 404;
}​​​​​​​
}

              PS: this forum editor removed the leading spaces.

                Comment

                • markfree
                  Senior Member
                  • Apr 2019
                  • 868
                  #5
                  I've found the issue.
                  Since I copied the directive from documentation, after the starting and closing braces there were some invisible spaces or something like it.

                  I've displayed the "space" characters and those hidden characters were still not visible, but while scrolling the text with the arrow keys I noticed those hidden characters.

                  After retyping the text, the syntax test was successful.

                  Thanks guys.

                    Comment

                    • markfree
                      Senior Member
                      • Apr 2019
                      • 868
                      #6
                      I've reported the issue, but, for now, it is still present.
                      Even if you display everything after copying the docs suggested directive, it still comes with those weird hidden characters.
                      Click image for larger version Name: hidden_chars.png Views: 0 Size: 4.4 KB ID: 447201

                      I managed to test this issue with 2 different PCs, but I'm not sure this only happens with me.

                        Comment

                        Previous template Next
                        Working...