How to password protect directory with Nginx .htpasswd authentication

I need to restrict access to the /app/ directory on Nginx. How do I password protect a directory with Nginx .htpasswd authentication on Linux or Unix-like systems?

We often need to protect directories or endpoints served by Nginx. For example, I often password-protect a side project and restrict access by IP address until it is ready to go live. This guide explains how to password protect directories or URL locations such as /app/ on an Nginx web server running on Linux or Unix-like systems.
Tutorial details
Difficulty: Intermediate
Root privileges: Yes
Requirements: Nginx
Time: 5m

How to password protect directory with Nginx .htpasswd authentication

The procedure is as follows:

  1. Open the terminal application
  2. Log into your server using the ssh command (ssh user@ec2-cloud-server-ip)
  3. Edit the nginx.conf file and add HTTP basic auth config directives: auth_basic "Restricted Access Only";
  4. Point Nginx at the .htpasswd file: auth_basic_user_file /etc/nginx/.htpasswd;
  5. Create a new .htpasswd file and add the first username and password: htpasswd -c /etc/nginx/.htpasswd user
  6. Reload the Nginx server: nginx -s reload

Let us see all commands and examples in detail to set up password authentication with Nginx.

Step 1 – Install the dependencies necessary to set up password authentication with Nginx

The htpasswd command is not part of the Nginx web server, but it is needed to create the password file used for HTTP Basic Authentication. Install the package that provides it for your Linux / Unix distro:
## Debian/Ubuntu Linux use apt command ##
sudo apt install apache2-utils
## Fedora/RHEL 8.x use dnf command ##
sudo dnf install httpd-tools
## CentOS/RHEL 7.x use yum command ##
sudo yum install httpd-tools
## Alpine Linux use apk command ##
sudo apk add apache2-utils

Step 2 – Edit the Nginx config

Edit the /etc/nginx/nginx.conf or virtual domain config file such as www.opensourceflare.com.conf file:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}

To protect only the /app/ directory:

location /app/ {
    auth_basic          "Restricted and Password Protected App";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}

Step 3 – Creating the password file

Use the htpasswd command to create a new /etc/nginx/.htpasswd-opensourceflare.com file as follows:
# htpasswd -c {/path/to/.htpasswd-file} {userName}
# htpasswd -c /etc/nginx/.htpasswd-opensourceflare.com vivek

Want to create additional users? Omit the -c option, because the password file /etc/nginx/.htpasswd-opensourceflare.com already exists and -c would create it afresh:
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com user2
# htpasswd /etc/nginx/.htpasswd-opensourceflare.com ramu

We can view the file contents, which include the usernames and hashed passwords, using the cat command:
# cat /etc/nginx/.htpasswd-opensourceflare.com
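
The following added example (not part of the original tutorial) audits a password file like the one created above: it reports the hash scheme of each entry and checks whether the file is world-readable. The sample file and its hash strings are constructed placeholders, and the function names classify_hash, audit_htpasswd and world_readable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original tutorial: audit an htpasswd file.

# Map a stored hash to its scheme by prefix. Nginx verifies $apr1$, {PLAIN},
# {SHA} and {SSHA} itself and hands every other format to the system crypt().
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$6$'*)     echo sha512-crypt ;;
        '$5$'*)     echo sha256-crypt ;;
        '$apr1$'*)  echo apr1-md5 ;;
        '{SSHA}'*)  echo sha1-salted ;;
        '{SHA}'*)   echo sha1-unsalted ;;
        '{PLAIN}'*) echo plaintext ;;
        *)          echo des-crypt-or-unknown ;;
    esac
}

# Print "user scheme verdict" for each entry of the file named in $1.
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt|sha512-crypt|sha256-crypt) verdict=strong ;;
            apr1-md5)                         verdict=legacy ;;
            *)                                verdict=weak ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
}

# Exit status 0 when users outside owner and group can read the file in $1.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample; the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vivek:$apr1$CONSTRUC$placeholderplaceholder
user2:$2y$05$CONSTRUCTEDplaceholderCONSTRUCTEDplaceholderCONSTRUCT
ramu:{SHA}CONSTRUCTEDplaceholder000=
EOF
chmod 640 "$sample"
audit_htpasswd "$sample"
if world_readable "$sample"; then echo "WARNING: world-readable"; fi
```

htpasswd from Apache 2.4 writes apr1 MD5 hashes by default; htpasswd -B stores bcrypt instead, which Nginx can verify only when the system crypt() supports it. The password file must stay readable by the Nginx worker user, so a mode such as 640 with the worker's group is a common choice.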

Step 4 – Restarting or reloading the Nginx server

Test the server for errors:
# nginx -t
If there are no errors, reload or restart the Nginx web server:
# nginx -s reload

Step 5 – Test it

Type the URL in your browser:
https://www-your-domain/
https://www-your-domain/app/
https://www.opensourceflare.com/

Password protecting directories with Nginx and IP address/CIDR

We can fine-tune security by combining Nginx HTTP basic authentication with access restriction by IP address or CIDR. To do so, edit the Nginx config file as follows:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    satisfy all;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
    allow 202.54.1.2;
    allow 10.8.1.0/24;
    deny all;
}

Again, reload or restart the Nginx web server:
nginx -t && nginx -s reload
The satisfy all directive ensures that clients must both connect from an allowed IP address and supply a valid username/password to access our website.
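
To make the effect of satisfy concrete, this added example (not part of the original tutorial) reads a config file and reports, per location block, what a client must present. The access_policy function, the sample file and its /beta/ block with satisfy any are constructed for illustration; the reader assumes one directive per line and ignores nesting and inherited settings.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Simplified reader: one
# directive per line, nothing nested in a location, no inherited settings.
# Prints "<location> <what the client must present>" for the file in $1.
access_policy() {
    awk '
    /^[ \t]*location[ \t]/ {
        loc = ($3 == "{") ? $2 : $2 " " $3
        inloc = 1; auth = 0; acl = 0; any = 0
        next
    }
    inloc && /^[ \t]*auth_basic_user_file[ \t]/ { auth = 1 }
    inloc && /^[ \t]*(allow|deny)[ \t]/         { acl = 1 }
    inloc && /^[ \t]*satisfy[ \t]+any[ \t]*;/   { any = 1 }
    inloc && /^[ \t]*[}]/ {
        if (auth && acl) need = any ? "ip-OR-password" : "ip-AND-password"
        else if (auth)   need = "password"
        else if (acl)    need = "ip"
        else             need = "none"
        print loc, need
        inloc = 0
    }' "$1"
}

# Constructed config: the first two blocks mirror this page, /beta/ is made up.
conf=$(mktemp)
cat > "$conf" <<'EOF'
location / {
    satisfy all;
    auth_basic           "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
    allow 202.54.1.2;
    allow 10.8.1.0/24;
    deny all;
}
location /app/ {
    auth_basic           "Restricted and Password Protected App";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
}
location /beta/ {
    satisfy any;
    auth_basic           "Beta";
    auth_basic_user_file /etc/nginx/.htpasswd-opensourceflare.com;
    allow 10.8.1.0/24;
    deny all;
}
EOF
access_policy "$conf"
```

With satisfy any, a client on an allowed address is never asked for a password, so the /beta/ line is the one to look for when the intent is to require both.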

Conclusion

You learned how to configure, set up, and restrict HTTP basic authentication access when using the Nginx web server. See Nginx documentation for further information:


2 comments
  • Deepak Kumar Jan 31, 2021 @ 17:05

    nginx.conf can’t be edited. What to do?

    • 🐧 Vivek Gite Feb 1, 2021 @ 0:30

      Edit nginx.conf as root:
      sudo vim /path/to/nginx.conf
      sudo nano /etc/nginx/nginx.conf
