xamxam/nginx/docs/ADMIN_USERS.md

Managing Admin Users - Post-ERG

Quick guide to manage admin users for the Post-ERG admin panel.


🎯 Quick Commands

# From your local machine
just manage-admin-users

# Then on the server
ssh xamxam
sudo bash /tmp/manage-admin-users.sh

This gives you an interactive menu to:

  1. List all users
  2. Add new user
  3. Change user password
  4. Delete user
  5. Reset all (start fresh)

📝 Manual Commands

List Current Users

ssh xamxam
sudo cut -d: -f1 /etc/nginx/.htpasswd-xamxam

Change Password for Existing User

ssh xamxam
sudo htpasswd /etc/nginx/.htpasswd-xamxam username_here

You'll be prompted to enter the new password twice.

Add New User

ssh xamxam
sudo htpasswd /etc/nginx/.htpasswd-xamxam new_username

Delete User

ssh xamxam
sudo htpasswd -D /etc/nginx/.htpasswd-xamxam username_to_delete

Reset Everything (Start Fresh)

ssh xamxam
sudo htpasswd -c /etc/nginx/.htpasswd-xamxam new_username

⚠️ Warning: The -c flag creates a new file, deleting all existing users!


🚀 Deploy Management Script

To upload the interactive management script to the server:

# From your local machine
just manage-admin-users

# Or manually:
rsync -v scripts/manage-admin-users.sh xamxam:/tmp/manage-admin-users.sh

🔑 Current Setup

After deployment, your admin panel has:


💡 Common Scenarios

Scenario 1: Change Current Password

ssh xamxam
sudo htpasswd /etc/nginx/.htpasswd-xamxam test_posterg_22@
# Enter new password when prompted

Scenario 2: Change Username

htpasswd has no rename operation, so add the new user first and then delete the old one:

ssh xamxam
# Add new user
sudo htpasswd /etc/nginx/.htpasswd-xamxam new_username
# Delete old user
sudo htpasswd -D /etc/nginx/.htpasswd-xamxam test_posterg_22@

Scenario 3: Forgot Username

ssh xamxam
sudo cut -d: -f1 /etc/nginx/.htpasswd-xamxam

Scenario 4: Multiple Admins

ssh xamxam
# Add second admin
sudo htpasswd /etc/nginx/.htpasswd-xamxam admin2
# Add third admin
sudo htpasswd /etc/nginx/.htpasswd-xamxam admin3

All users can log into /admin/ with their own credentials.

Scenario 5: Start Over with New Username

ssh xamxam
# This will DELETE ALL existing users and create a new one
sudo htpasswd -c /etc/nginx/.htpasswd-xamxam new_admin

🧪 Testing

After changing users/passwords:

# Test that password is required
curl -I https://xamxam.erg.be/admin/
# Should return: 401 Unauthorized

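# Test with credentials (give only "-u username" and curl prompts for the
# password, which keeps it out of shell history and the process list)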
curl -u username:password https://xamxam.erg.be/admin/
# Should return: 200 OK

No nginx reload needed - changes take effect immediately!


📊 Password File Details

Location: /etc/nginx/.htpasswd-xamxam

Format: Standard Apache htpasswd format

username:$apr1$encrypted_password_hash

Permissions:

-rw-r--r-- root root /etc/nginx/.htpasswd-xamxam
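
The format and permissions described above can be checked without modifying the file. The following is an added example, not part of this project's scripts: `hash_scheme` and `audit_htpasswd` are hypothetical helper names, and the sample entries are constructed placeholders rather than real credentials. It classifies each entry's hash scheme, flags duplicate usernames, and reports when the file is world-readable, as in the listing above.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of an htpasswd-style file (never modifies it).

# Classify one stored hash by its scheme prefix.
hash_scheme() {
  case "$1" in
    '$apr1$'*)                 echo apr1-md5 ;;        # the scheme shown on this page
    '$2y$'*|'$2a$'*|'$2b$'*)   echo bcrypt ;;          # htpasswd -B
    '$5$'*)                    echo sha256-crypt ;;
    '$6$'*)                    echo sha512-crypt ;;
    '{SHA}'*)                  echo WEAK:unsalted-sha1 ;;
    '{PLAIN}'*)                echo WEAK:plaintext ;;
    ?????????????)             echo WEAK:des-crypt ;;  # 13 chars, no prefix
    *)                         echo UNKNOWN ;;
  esac
}

# Print findings for FILE; return 1 if anything needs attention.
audit_htpasswd() {
  local file="$1" user hash scheme dups status=0
  # Character 8 of the ls mode string is the "other" read bit.
  case "$(ls -ld -- "$file" | cut -c1-10)" in
    ???????r*) echo "PERMS world-readable: $file"; status=1 ;;
  esac
  while IFS=: read -r user hash _ || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac
    scheme=$(hash_scheme "$hash")
    echo "USER $user $scheme"
    case "$scheme" in WEAK:*|UNKNOWN) status=1 ;; esac
  done < "$file"
  dups=$(cut -d: -f1 "$file" | sort | uniq -d)
  [ -z "$dups" ] || { printf 'DUPLICATE %s\n' $dups; status=1; }
  return "$status"
}

# Constructed sample (placeholder hashes, not real credentials), mode 0644 as on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xamxam_admin:$apr1$CONSTRUCT$placeholderHashValue00
erg_webmaster:$2y$10$constructedPlaceholderBcryptValue
legacy_user:{SHA}Q09OU1RSVUNURURwbGFjZWhvbGRlcg==
xamxam_admin:$apr1$CONSTRUCT$anotherPlaceholder0000
EOF
chmod 644 "$sample"
audit_htpasswd "$sample" || echo "=> findings above need attention"
rm -f "$sample"
```

The PERMS finding clears once the file is readable only by root and the user the nginx worker processes run as, since nginx still has to read it.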

🔒 Security Tips

  1. Use Strong Passwords

    # Generate a strong password
    openssl rand -base64 32
    
  2. Avoid Common Usernames

    • Bad: admin, administrator, root
    • Good: xamxam_admin, erg_webmaster

  3. Regular Password Changes

    • Change passwords every 3-6 months
    • Change immediately if compromised

  4. Monitor Access

    # Check who's accessing the admin panel
    ssh xamxam
    sudo grep "admin" /var/log/nginx/xamxam_access.log
    
  5. Backup Password File

    ssh xamxam
    sudo cp /etc/nginx/.htpasswd-xamxam /etc/nginx/.htpasswd-xamxam.backup
    

🆘 Troubleshooting

"401 Unauthorized" even with correct password

Check file exists:

ssh xamxam
ls -la /etc/nginx/.htpasswd-xamxam

Verify user exists:

sudo cat /etc/nginx/.htpasswd-xamxam

Check nginx config:

sudo grep -A 5 "auth_basic" /etc/nginx/sites-available/xamxam

Can't change password - "command not found"

Install apache2-utils:

ssh xamxam
sudo apt update
sudo apt install apache2-utils

Password file got deleted

Recreate it:

ssh xamxam
sudo htpasswd -c /etc/nginx/.htpasswd-xamxam new_admin

📞 Quick Reference

Task               Command
Interactive menu   sudo bash /tmp/manage-admin-users.sh
List users         sudo cut -d: -f1 /etc/nginx/.htpasswd-xamxam
Change password    sudo htpasswd /etc/nginx/.htpasswd-xamxam username
Add user           sudo htpasswd /etc/nginx/.htpasswd-xamxam newuser
Delete user        sudo htpasswd -D /etc/nginx/.htpasswd-xamxam username
Reset all          sudo htpasswd -c /etc/nginx/.htpasswd-xamxam newuser
Generate password  openssl rand -base64 32

After Making Changes

No action needed! Changes to the password file take effect immediately.

You can verify with:

curl -u username:password https://xamxam.erg.be/admin/

Remember: Store passwords securely using a password manager! 🔐