In this guide we will set up password authentication for Nginx to password protect a web directory.
We will first install apache2-utils, which can generate the .htpasswd file that works with both Nginx and Apache.
sudo apt-get install apache2-utilsOnce installed, we can name generate the .htpasswd file. Simply change username to the username you require. Generate a password and keep it safe.
sudo htpasswd -c /etc/nginx/.htpasswd usernameThere should now be a .htpasswd file containing your username and encrypted password. You can check with:
cat /etc/nginx/.htpasswdWe now need to add two directives to our Nginx configuration file. The location of the config file may vary depending on your setup, though the default is usually in /etc/nginx/sites-available/default.
sudo nano /etc/nginx/sites-available/defaultIf you want to password protect the entire domain, look for the location block and add two new directives marked in red below.
. . .
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
. . .Save file and exit (press CTRL + X, press Y and then press ENTER).
Check that the Nginx config file is valid.
sudo nginx -tIf valid, reload Nginx config.
sudo service nginx reloadYou can now open the web directory in your browser and you should be prompted to enter a password.
If you want to password protect a particular folder, you will need to create a new location block underneath the original.
This example below will protect the directory called /test.
. . .
location /test {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
. . .Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.
