From 3361a037b9c29254b611de76dbc14bded60a3bd8 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Mon, 2 Nov 2020 08:15:28 -0500 Subject: [PATCH] nginx: add a warning that nginx's basic auth isn't very good. --- .../services/web-servers/nginx/location-options.nix | 7 +++++-- nixos/modules/services/web-servers/nginx/vhost-options.nix | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 793f29f09fb..f2fc0725572 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -21,7 +21,7 @@ with lib; Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the - nix store. + Nix store. ''; }; @@ -30,7 +30,10 @@ with lib; default = null; description = '' Basic Auth password file for a vhost. - Can be created via: htpasswd -c <filename> <username> + Can be created via: htpasswd -c <filename> <username>. + + WARNING: The generate file contains the users' passwords in a + non-cryptographically-securely hashed way. ''; }; diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 455854e2a96..cf211ea9a71 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -198,7 +198,7 @@ with lib; Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the - nix store. + Nix store. ''; }; @@ -207,7 +207,10 @@ with lib; default = null; description = '' Basic Auth password file for a vhost. - Can be created via: htpasswd -c <filename> <username> + Can be created via: htpasswd -c <filename> <username>. + + WARNING: The generate file contains the users' passwords in a + non-cryptographically-securely hashed way. ''; };