We often need to protect directories or endpoints served by Nginx. For example, I often password-protect a side project and restrict access by IP address until it is ready to go live. This guide explains how to password protect directories or URL locations such as /app/ on an Nginx web server running on Linux or Unix-like systems.
Tutorial details | |
---|---|
Difficulty | Intermediate |
Root privileges | Yes |
Requirements | Nginx |
Time | 5m |
How to password protect directory with Nginx .htpasswd authentication
The procedure is as follows:
- Open the terminal application
- Log into your server using the ssh command (ssh user@ec2-cloud-server-ip)
- Edit the nginx.conf file and add HTTP basic auth config directives: auth_basic "Restricted Access Only";
- Make sure you set up .htpasswd file: auth_basic_user_file /etc/nginx/.htpasswd;
- Create a new .htpasswd file and add the first username and password: htpasswd -c /etc/nginx/.htpasswd user
- Reload the Nginx server: nginx -s reload
Let us see all commands and examples in detail to set up password authentication with Nginx.
Step 1 – Install the dependencies necessary to set up password authentication with Nginx
You need to install the htpasswd command. It is not part of the Nginx web server, but it is required to create the password file used for HTTP Basic Authentication. Install the package that provides it for your Linux / Unix distro:
## Debian/Ubuntu Linux use apt command ##
sudo apt install apache2-utils
## Fedora/RHEL 8.x use dnf command ##
sudo dnf install httpd-tools
## CentOS/RHEL 7.x use yum command ##
sudo yum install httpd-tools
## Alpine Linux use apk command ##
sudo apk add apache2-utils
Step 2 – Edit the Nginx config
Edit /etc/nginx/nginx.conf or a virtual domain config file such as www.opensourceflare.com.conf:
location / {
    try_files $uri $uri/ /index.php?$query_string;
    auth_basic "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}
To protect only the /app/ directory:
location /app/ {
    auth_basic "Restricted and Password Protected App";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}
Step 3 – Creating the password file
Use the htpasswd command to create a new /etc/nginx/.htpasswd-opensourceflare.com file as follows:
# htpasswd -c {/path/to/.htpasswd-file} {userName}
# htpasswd -c /etc/nginx/.htpasswd-opensourceflare.com vivek
Want to create additional users? Avoid the -c option, because the password file /etc/nginx/.htpasswd-opensourceflare.com already exists on the Linux or Unix box:
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com user2
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com ramu
We can see that the file contains usernames and encrypted (hashed) passwords by using the cat command:
# cat /etc/nginx/.htpasswd-opensourceflare.com
Step 4 – Restarting or reloading the Nginx server
Test the server for errors:
# nginx -t
If there are no errors, reload or restart the Nginx web server:
# nginx -s reload
Step 5 – Test it
Type the URL in your browser:
https://www-your-domain/
https://www-your-domain/app/
https://www.opensourceflare.com/
Verification
Password protecting directories with Nginx and IP address/CIDR
We can fine-tune security by combining Nginx HTTP basic authentication with access restrictions by IP address or CIDR. Edit the Nginx config file as follows:
location / {
    try_files $uri $uri/ /index.php?$query_string;
    satisfy all;
    auth_basic "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
    allow 202.54.1.2;
    allow 10.8.1.0/24;
    deny all;
}
Again reload or restart the Nginx web server, type:
nginx -t && nginx -s reload
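With satisfy all, a client must both connect from an allowed IP address or CIDR range and supply a valid username and password to access our website. With satisfy any, meeting either one of the two conditions would be enough.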
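Both configurations above depend on the password file created in Step 3. The following is an added example, not part of the original guide: a shell audit that flags a world-readable password file and entries stored in weak schemes. The function names and the sample file are constructed for illustration, and the hash bodies in it are placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit an Nginx auth_basic_user_file (htpasswd format).

# Map one stored password field to a scheme name, by prefix only.
htpasswd_scheme() {
  case "$1" in
    '$apr1$'*)               echo apr1-md5 ;;       # Apache MD5 (htpasswd -m)
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;         # htpasswd -B
    '$5$'*)                  echo sha256-crypt ;;
    '$6$'*)                  echo sha512-crypt ;;
    '{SHA}'*)                echo sha1-unsalted ;;
    '{SSHA}'*)               echo sha1-salted ;;
    '{PLAIN}'*)              echo plaintext ;;
    '')                      echo empty ;;
    *)                       echo des-crypt-or-unknown ;;
  esac
}

# Report a world-readable file and weak entries; return 1 if any are found.
audit_htpasswd() {
  local file="$1" user hash rest scheme bad=0
  # Character 8 of the ls mode string is the "other" read bit.
  if [ "$(ls -ld "$file" | cut -c8)" = r ]; then
    echo "PERM $file is world-readable"; bad=1
  fi
  while IFS=: read -r user hash rest || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac    # blank or comment line
    scheme=$(htpasswd_scheme "$hash")
    case "$scheme" in
      plaintext|sha1-*|des-crypt-or-unknown|empty)
        echo "WEAK $user $scheme"; bad=1 ;;
    esac
  done < "$file"
  return "$bad"
}

# Constructed sample file; the hash bodies are placeholders, not real hashes.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample
vivek:$apr1$EXAMPLE0$placeholderplaceholder
user2:{SHA}placeholderplaceholderplace=
ramu:$2y$10$placeholderplaceholderplaceholderplaceholderplacehold:note
EOF
  chmod 640 "$1"
}

# Usage: bash audit.sh /etc/nginx/.htpasswd-opensourceflare.com
if [ $# -gt 0 ]; then audit_htpasswd "$1"; fi
```

The Nginx worker processes still need read access to the file, so keep it readable by the Nginx user or group rather than by everyone.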
Conclusion
You learned how to configure, set up, and restrict HTTP basic authentication access when using the Nginx web server. See Nginx documentation for further information:
nginx.conf can’t be edited. What to do?
Edit nginx.conf as root:
sudo vim /path/to/nginx.conf
sudo nano /etc/nginx/nginx.conf