diff options
author | Graham Christensen <graham@grahamc.com> | 2020-11-02 08:15:28 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2020-11-02 08:16:01 -0500 |
commit | 3361a037b9c29254b611de76dbc14bded60a3bd8 (patch) | |
tree | 1f8d2786464eab4819355064142637429163a0df | |
parent | a4b86b2bf5bd85f1695a8b47bd07657758de1722 (diff) |
nginx: add a warning that nginx's basic auth isn't very good.
-rw-r--r-- | nixos/modules/services/web-servers/nginx/location-options.nix | 7 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 793f29f09fb1..f2fc07255725 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -21,7 +21,7 @@ with lib; Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the - nix store. + Nix store. ''; }; @@ -30,7 +30,10 @@ with lib; default = null; description = '' Basic Auth password file for a vhost. - Can be created via: <command>htpasswd -c <filename> <username></command> + Can be created via: <command>htpasswd -c <filename> <username></command>. + + WARNING: The generate file contains the users' passwords in a + non-cryptographically-securely hashed way. ''; }; diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 455854e2a965..cf211ea9a71b 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -198,7 +198,7 @@ with lib; Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the - nix store. + Nix store. ''; }; @@ -207,7 +207,10 @@ with lib; default = null; description = '' Basic Auth password file for a vhost. - Can be created via: <command>htpasswd -c <filename> <username></command> + Can be created via: <command>htpasswd -c <filename> <username></command>. + + WARNING: The generate file contains the users' passwords in a + non-cryptographically-securely hashed way. ''; }; |