How to password protect directory with Nginx .htpasswd authentication

How to password protect directory with Nginx .htpasswd authentication

The procedure is as follows:

1. Open the terminal application
2. Log into your server using the ssh command (ssh user@ec2-cloud-server-ip)
3. Edit the nginx.conf file and add HTTP basic auth config directives: auth_basic "Restricted Access Only";
4. Make sure you set up .htpasswd file: auth_basic_user_file /etc/nginx/.htpasswd;
5. Create a new .htpasswd file and add first username and password: htpasswd -c /etc/nginx/.htpasswd user
6. Reload the Nginx server: nginx -s reload

Let us see all commands and examples in details to set up password authentication with Nginx.

Step 1 – Install the dependencies necessary to set up psssword authentication with Nginx

You need to install the htpasswd command. It is not part of the Nginx web server. But it is the dependencies necessary for restricting access with HTTP Basic Authentication as per your Linux / Unix distro. Hence, type the command:
## Debian/Ubuntu Linux use apt command ##
sudo apt install apache2-utils
## Fedora/RHEL 8.x use dnf command ##
sudo dnf install httpd-tools
## CentOS/RHEL 7.x use dnf command ##
sudo yum install httpd-tools
## Alpine Linux user apk command ##
sudo apk add apache2-utils

Step 2 – Edit the Nginx config

Edit the /etc/nginx/nginx.conf or virtual domain config file such as www.opensourceflare.com.conf file:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}

Just protect our /app/ directory:

location /app/ {
    auth_basic          "Restricted and Password Protected App";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}

Step 3 – Creating the password file

Use the htpasswd command to create a new /etc/nginx/.htpasswd-opensourceflare.com as follows:
# htpasswd -c {/path/to/.htpasswd-file} {userName}
# htpasswd -c /etc/nginx/.htpasswd-opensourceflare.com vivek
Want to create additional users?. Avoid the -c option because the password file /etc/nginx/.htpasswd-opensourceflare.com already exists on Linux or Unix box:
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com user2
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com ramu
We can see file contains that includes usernames and encrypted passwords as follows using the cat command:
# cat /etc/nginx/.htpasswd-opensourceflare.com

Step 4 – Restarting or reloading the Nginx server

Test the server for errors:
# nginx -t
If not errors, then reload or restart nginx webserver, type:
# nginx -s reload

Step 5 – Test it

In your browser type url:
https://www-your-domain/
https://www-your-domain/app/
https://www.opensourceflare.com/

Verification

Password protecting directories with Nginx and IP address/CIDR

We can fine-tune security by combining Nginx HTTP basic authentication with restriction access by IP Address or CIDR. Therefore, edit the Nginx config file, run:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    satisfy all;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
    allow 202.54.1.2;
    allow 10.8.1.0/24;
    deny all;
}

Again reload or restart the Nginx web server, type:
nginx -t && nginx -s reload
The satisfy directive ensures that clients require a valid IP address and username/password to access our website.

Conclusion

You learned how to configure, set up, and restrict HTTP basic authentication access when using the Nginx web server. See Nginx documentation for further information: