can someone point me to the instructions for settings up AWStats against NGINX. I also hear read some security issues on setting up AWStats with fast-cgi. Is that a real threat and if so how can I avoid it ?



thanks

1 .Install awstats from your package manager
2. follow one of these http://library.linode.com/web-servers/n ... l-fastcgi/
3. Generate a htpasswd file with

htpasswd -c /path/to/.htpasswd username

4. add the following to your nginx config file for awstats

location /path/to/awstats
{
auth_basic            "Restricted";
  auth_basic_user_file  /path/to/.htpasswd;
}

5. restart nginx

That will add password protection to awstats.

As for security issues, that's what the password protection is for.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

As far as security for admin tools, my standard method is to configure nginx to serve the admin site on localhost, and then access it over ssh tunnel.

That way, I don't have to fight with passwords and such, I just "ssh -ND 9999 mysite.com" and I can access phpmyadmin/monit/awstats/etc, and nobody else can.

Of course, if you're trying to use awstats to serve content for other users, this becomes harder.

Indeed akerl's method is more secure and simpler in a single user environment.

You can also try using a VPN and serving pages over that.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Thanks to both of you for the reply. A little bit of searching also lend me to this page. I assume all the steps listed tehre is required as well ?

http://blog.rubynginx.com/index.php/201 ... /#more-150

Thanks to both of you for the reply. A little bit of searching also lend me to this page. I assume all the steps listed tehre is required as well ?

http://blog.rubynginx.com/index.php/201 ... /#more-150

Not really that's for phpmyadmin phpphadmin as well and the php script for running fastcgi seems a little over the top too.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue