🌐 How to password protect directory with .htpasswd authentication on Nginx

How do I restrict access to the / app / directory on Nginx?

How to set up password protection of a directory with Nginx .htpasswd authentication on Linux or Unix-like systems?

We need to secure various directories or endpoints on Nginx.

For example, I often password protect and restrict access with an IP address until my project is ready to run.

This tutorial explains how to password protect directories or URLs such as / app / on an Nginx web server running on Linux or Unix-like systems.

How to password protect a directory with Nginx authentication .htpasswd

The procedure is as follows:

  1. Open a terminal application
  2. Login to your server using the ssh command (ssh user @ ec2-cloud-server-ip)
  3. Edit the nginx.conf file and add the HTTP basic auth configuration directives: auth_basic “Restricted Access Only”;
  4. Make sure you have configured the .htpasswd file: auth_basic_user_file /etc/nginx/.htpasswd;
  5. Create a new .htpasswd file and add the first username and password: htpasswd -c /etc/nginx/.htpasswd user
  6. Reload the nginx server: nginx -s reload

Let’s take a closer look at all the commands and examples for configuring password authentication on Nginx.

Step 1. Install the dependencies required to configure password authentication on Nginx.

You need to install the htpasswd command.

It is not part of the Nginx web server.

But this is the dependency needed to restrict access using HTTP Basic Authentication according to your Linux / Unix distribution.

Hence, enter the command:

Debian/Ubuntu Linux используя apt  ##
sudo apt install apache2-utils
## Fedora/RHEL 8.x используя dnf ##
sudo dnf install httpd-tools
## CentOS/RHEL 7.x используя dnf ##
sudo yum install httpd-tools
## Alpine Linux используя apk ##
sudo apk add apache2-utils

Step 2 – Edit the Nginx Configuration

Edit /etc/nginx/nginx.conf or the virtual domain configuration file, for example the www.itsecforu.ru.conf file:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-itsecforu.ru;
}

Now, secure the / app / directory:

location /app/ {
    auth_basic          "Restricted and Password Protected App";
    auth_basic_user_file /etc/nginx/.htpasswd-itsecforu.ru;
}

Use the htpasswd command to create a new file /etc/nginx/.htpasswd-itsecforu.ru as follows:

# htpasswd -c {/path/to/.htpasswd-file} {userName}
# htpasswd -c /etc/nginx/.htpasswd-itsecforu.ru admin

Want to create additional users?

# htpasswd /etc/nginx/.htpasswd-itsecforu.ru user2
# htpasswd /etc/nginx/.htpasswd-itsecforu.ru user3

Let’s make sure the file contains usernames and encrypted passwords as follows using the cat command:# cat /etc/nginx/.htpasswd-itsecforu.ru

Check the server for errors:

# nginx -t

If there are no errors, reload or restart the nginx web server, enter:

# nginx -s reload

Step 5 – Test the setup

In your browser, enter the URL and make sure that the credentials window appears.

Password Protecting Nginx Directories and IP Address Restriction / CIDR

We can configure the security of our web server by combining Nginx HTTP Basic Authentication with IP Address Restriction or CIDR.

Edit the Nginx config file:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    satisfy all;
    auth_basic          "ADMIN Login";
    auth_basic_user_file /etc/nginx/.htpasswd-itsecforu.ru;
    allow 202.54.1.2;
    allow 10.8.1.0/24;
    deny all;
}

Restart the Nginx web server again:

nginx -t && nginx -s reload

You learned how to configure and restrict access using HTTP Basic Authentication when using the Nginx web server.

Sidebar