Topic: Adding extra security to iRedAdmin
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4 (OS)
- Linux/BSD distribution name and version: Debian 8.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? yes, but not on this testing machine
- Related log if you're reporting an issue:
====
Okay, we run a production machine with iRedAdmin-Pro on apache. Now I was playing aroud with the free edition to check out the newest version in combination with nginx. I was trying to add some extra security to the iRedAdmin panel before exposing it to the web. I was thinking about adding a authentication layer with auth_basic, but I can not figure out where to put the lines:
auth_basic "Restricted";
auth_basic_user_file /somelocation/.htpasswd
I've tried a lot of places, mostly in /etc/nginx/templates/iredadmin.tmpl, but it does not seem to work. Does anyone have an idea how (where) to do this, or how to add other extra security layer (maybe an IP filter?). Or is this totally unnecessary?
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.