How to Secure Nginx Directory with HTTP Basic Authentication on Ubuntu Linux

Nginx doesn’t ship a tool for creating HTTP Basic Authentication password files the way the Apache2 HTTP server does. However, you can use the Apache2 utilities to create the password file and protect Nginx directories with basic password authentication.

This brief tutorial shows students and new users how to use Apache2 utils to generate basic password authentication for Nginx directories.

This feature can be used to protect directories with basic passwords. It’s a great feature and can add a layer of protection to existing directories.

To protect Nginx directories with basic password authentication, the steps below are a great place to start:

Install Apache2 HTTP Utility

Again, Nginx doesn’t have this tool. So if you need to protect Nginx directories, install this Apache2 tool. To install, run the commands below.

sudo apt install apache2-utils

Create a .htpasswd file

Now that you’ve installed Apache2 utils, run the command below to create a password file for users. The command prompts you to create a new password for the specified username and stores it in the file /etc/nginx/.htpasswd.

sudo htpasswd -c /etc/nginx/.htpasswd myusername

Replace myusername with the username you wish to use. You can choose any directory to save the htpasswd file. However, you must specify the location when configuring Nginx. The -c option creates the file and overwrites an existing one, so omit it when adding further users to the same file.

After running the command above, the password entry for the username you selected is saved in the hidden file /etc/nginx/.htpasswd.

Below is the output of the command:

sudo htpasswd -c /etc/nginx/.htpasswd richard
New password:
Re-type new password:
Adding password for user richard

Protect Nginx Directories

Now that the password file is created, use the auth_basic lines in the configuration below to protect an Nginx directory.

The Nginx default site configuration file is at /etc/nginx/sites-available/default.

Add the location block shown below for the directory you want to protect.

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index  index.php index.html index.htm;
    server_name  example.com www.example.com;

    client_max_body_size 100M;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Requests under /Private/ need a valid user from the password file
    location ^~ /Private/ {
        auth_basic            "Restricted";
        auth_basic_user_file  /etc/nginx/.htpasswd;
    }

    # ... (remaining configuration) ...
}

Save the file.

Whenever you try browsing the /Private directory, you should get a basic HTTP authentication prompt to type a username and password.
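
The ^~ modifier on the /Private/ block decides whether a regex location elsewhere in the server block can take over requests for files inside the directory. The following added example (not code from the original post) is a simplified Python model of Nginx location selection; the `\.php$` FastCGI location is an assumption, since the post elides the rest of the server block.

```python
import re

# Simplified model of nginx location selection: exact (=), prefix, ^~ and
# regex (~, ~*). Named and nested locations are not modelled.
def pick_location(locations, uri):
    """locations: (modifier, pattern) pairs in config order."""
    best = None  # longest matching prefix location
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)  # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best  # regex locations are not consulted
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)  # first matching regex wins
    return best

# Assumed PHP/FastCGI handler; the page elides the rest of the server block.
PHP = ("~", r"\.php$")
WITH_CARET = [("", "/"), ("^~", "/Private/"), PHP]    # form used on the page
PLAIN_PREFIX = [("", "/"), ("", "/Private/"), PHP]    # same block without ^~

def requires_auth(locations, uri, protected=("/Private/",)):
    """True if the chosen location is one that carries auth_basic."""
    chosen = pick_location(locations, uri)
    return chosen is not None and chosen[1] in protected

if __name__ == "__main__":
    for name, conf in (("^~ /Private/", WITH_CARET), ("/Private/", PLAIN_PREFIX)):
        for uri in ("/Private/report.html", "/Private/admin.php"):
            print(f"{name:14} {uri:22} auth={requires_auth(conf, uri)}")
```

Without ^~, the request for /Private/admin.php is handled by the regex location, which does not carry the auth_basic directives of the /Private/ block. With ^~, the file stays behind the prompt but is handled by a block that has no FastCGI settings of its own.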

To protect the entire Nginx site, apply the same directives to the root location, which serves /var/www/html.

Example:

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index  index.php index.html index.htm;
    server_name  example.com www.example.com;

    client_max_body_size 100M;

    # Nginx rejects two "location /" blocks in one server block,
    # so the auth directives go into the existing root location.
    location / {
        try_files $uri $uri/ /index.php?$args;
        auth_basic            "Restricted";
        auth_basic_user_file  /etc/nginx/.htpasswd;
    }

    # ... (remaining configuration) ...
}

Save the file.

The next time you browse the domain, you will be prompted for a username and password.

That’s it!

Posted by
Richard W

I love computers; maybe way too much. What I learned I try to share at geekrewind.com.

1 Comment

  1. If we use FASTCGI, this protects the directory but not .php files inside
