Basic HTTP Authentication with Nginx

From Brian Nelson Ramblings
Revision as of 14:06, 31 May 2014 by Brian (Talk | contribs) (Creating the Password File)

This guide will show you how to implement basic HTTP authentication with Nginx to password-protect directories on your server or even a whole website. This is the Nginx equivalent to basic HTTP authentication on Apache with .htaccess/.htpasswd.

Creating the Password File

You will still need Apache's htpasswd tool, or you can visit a website that creates the password file for you, such as http://www.htaccesstools.com/htpasswd-generator/

Create Password file with htpasswd

Let's first check whether it's installed on your server. Most servers have this tool, as the default web service was probably Apache.

which htpasswd

If you have it on your system, you will see something like:

$ which htpasswd
/usr/bin/htpasswd

If your system does not have the htpasswd tool, you will want to install it:

yum install httpd-tools

or, if you're on Debian/Ubuntu:

apt-get install apache2-utils

Create the .htpasswd file

I want to create the password file /var/www/pwd/.htpasswd now and store the user demo in it (you can give the password file any name you like - it's not necessary to name it .htpasswd; I just named it .htpasswd because that's the way password files are named under Apache):

htpasswd -c /var/www/pwd/.htpasswd demo
    • Note: -c tells htpasswd to create the file, and it overwrites the file if it already exists, so do not use -c when adding additional user names.

Adding the user demo2 to the same .htpasswd file

htpasswd /var/www/pwd/.htpasswd demo2

Now your /var/www/pwd/.htpasswd file will have two users, demo and demo2.
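To check what htpasswd actually stored, the following added example (not part of the original guide) classifies each entry's hash scheme by its prefix and reports whether the file is world-readable. The function names, the policy for which schemes count as weak, and the sample entries are assumptions made for illustration.

```shell
# Added example: map one stored hash to a scheme name by its documented prefix.
hash_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$6$'*)        echo sha512-crypt ;;
        '$5$'*)        echo sha256-crypt ;;
        '$apr1$'*)     echo apr1-md5 ;;
        '{SSHA}'*)     echo salted-sha1 ;;
        '{SHA}'*)      echo unsalted-sha1 ;;
        '{PLAIN}'*)    echo plaintext ;;
        ?????????????) echo des-crypt ;;   # traditional crypt(3) output is 13 chars
        *)             echo unknown ;;
    esac
}

# Print "user scheme" per entry. Returns 1 if any entry is unsalted,
# plaintext, DES crypt or unrecognised (this policy is an assumption).
audit_htpasswd() {
    weak=0
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(hash_scheme "$hash")
        echo "$user $scheme"
        case "$scheme" in
            unsalted-sha1|plaintext|des-crypt|unknown) weak=1 ;;
        esac
    done < "$1"
    return "$weak"
}

# Succeeds if FILE is readable by "other" users (mode o+r).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
write_sample() {
    cat > "$1" <<'EOF'
demo:$apr1$SALTSALT$CONSTRUCTEDHASHBODY000
demo2:{SHA}CONSTRUCTEDPLACEHOLDER00000=
EOF
}

# Usage: audit the file from this guide, if it exists on this machine.
f=/var/www/pwd/.htpasswd
if [ -f "$f" ]; then
    audit_htpasswd "$f" || echo "weak hash scheme found in $f"
    if world_readable "$f"; then echo "$f is world-readable"; fi
fi
```

The Nginx worker user must still be able to read the file, so tighten permissions by ownership or group rather than removing read access entirely.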

Configuring Nginx with .htpasswd

Now that we have our password file in place, we just need to reference it in our Nginx vhost configuration:

vim /etc/nginx/sites-enabled/vhost_briansnelson.com

Because I want to password-protect the scripts directory in the document root, I use location /scripts {} here (to password-protect the whole website, you'd use location / {}):

server {
       listen 80;
       server_name www.briansnelson.com briansnelson.com;
       root /var/www/briansnelson.com;
[...]
       location /scripts {
                auth_basic "Restricted";
                auth_basic_user_file /var/www/pwd/.htpasswd;
       }
[...]
}

One last step: reload Nginx so it picks up the new configuration.

/etc/init.d/nginx reload

Now you can visit http://briansnelson.com/scripts/ and notice that it is password protected.