https://briansnelson.com/index.php?action=history&feed=atom&title=Protecting_Folders_with_NginxProtecting Folders with Nginx - Revision history2026-06-04T07:10:05ZRevision history for this page on the wikiMediaWiki 1.24.1https://briansnelson.com/index.php?title=Protecting_Folders_with_Nginx&diff=829&oldid=prevBrian: Created page with "==Protecting Folders with Nginx== This question comes up every so often, and its actually fairly easy besides the fact you do not use an .htaccess file. To do so we’ll need..."2015-03-08T04:08:57Z<p>Created page with "==Protecting Folders with Nginx== This question comes up every so often, and its actually fairly easy besides the fact you do not use an .htaccess file. To do so we’ll need..."</p>
<p><b>New page</b></p><div>==Protecting Folders with Nginx==<br />
<br />
This question comes up every so often, and its actually fairly easy besides the fact you do not use an .htaccess file. To do so we’ll need the auth_basic module which comes included with Nginx.<br />
<br />
First we will need to create a password file, you can create this in the folder you wish to protect (though the file can reside anywhere Nginx has access to).<br />
<br />
===Create the .htpasswd file===<br />
<br />
htpasswd -c /var/www/domain.com/.htpasswd username<br />
<br />
When you run the above command, it will prompt you for a password for the provided username, and then create the file .htpasswd in the folder you specified. If you already have a pre-existing password file, you can omit the -c flag. You can use the -D flag to remove the specified user from a password file.<br />
<br />
===Setting up Nginx===<br />
<br />
Adding protection to your admin folder or for wordpress wp-admin folder<br />
<br />
server {<br />
... <br />
location /admin {<br />
auth_basic "Welcome to the DarkSide";<br />
auth_basic_user_file /var/www/domain.com/.htpasswd;<br />
}<br />
... <br />
}<br />
<br />
With the above access to the admin directory will prompt the user with a basic authentication dialog, and will be challenged against the password file provided.<br />
<br />
The password file itself does not have to be named .htpasswd, but if you do store it a web-accessible location make sure to protect it. With the last location block above using any name with a period in front should be protected from web-access.<br />
<br />
The safest place to store a password file is outside of the web-accessible location even if you take measures to deny access. If you wish to do so, you can create a protected folder in your nginx/conf directory to store your password files (such as conf/domain.com/folder-name/password) and load the user file from that location in your configuration.</div>Brian