This guide shows how to configure Basic HTTP authentication in Nginx. It builds on what we have covered previously on Nginx and VPS setup.
Basic HTTP authentication is a security mechanism to restrict access to your website/application, or some parts of it, by setting up a simple username/password authentication barrier.
- You can use it to protect the entire HTTP server, individual server blocks (the equivalent of virtual hosts in Apache), or single location blocks.
As the name suggests, it is not a security measure to rely on by itself; use it in conjunction with other, stronger controls. The browser sends the credentials with every request as a base64-encoded user:password string. Base64 is encoding, not encryption, so if your web application is served over plain HTTP anyone on the network path can read the credentials. Serve anything protected this way over HTTPS only.
Configure Basic HTTP Authentication in Nginx
This tutorial will help you add a small but useful layer of security in front of private or privileged content on your web applications (such as, but not limited to, administration pages). You can also use it to block access to a website or application that is still in development.
Requirements:
- LEMP stack in CentOS/RHEL 7
- LEMP stack in Ubuntu/Debian
Create HTTP Authentication User File
You can start by creating a file that will store username:password pairs. We are going to use the htpasswd utility from the Apache HTTP Server to create this file.
First confirm that apache2-utils or httpd-tools, the package which provides the htpasswd utility, is installed on your system, otherwise, run the appropriate command for your distribution to install it:
[RHEL/CentOS]
sudo yum install httpd-tools
[Debian/Ubuntu]
sudo apt install apache2-utils
Now run the htpasswd command below to create the password file and add the first user. The -c option creates the file (and overwrites it if it already exists), so use it only for the first user. After you hit Enter, you will be prompted for the user's password, which is stored as a salted hash rather than in the clear.
htpasswd -c /etc/nginx/conf.d/.htpasswd developer
Append a second user. Do not use -c here, or the file is recreated and the first user is lost.
htpasswd /etc/nginx/conf.d/.htpasswd admin
By default htpasswd stores apr1 (salted MD5) hashes; htpasswd -B selects bcrypt, which Nginx accepts on systems whose crypt() implementation supports it, so confirm with a test login before relying on it. The file must be readable by the user the Nginx worker processes run as (nginx or www-data, depending on the distribution) and should not be readable by other accounts on the host. With the password file prepared, continue to configure the parts of your web server that you want to restrict. To view the password file (usernames and hashed passwords), use the cat command below.
cat /etc/nginx/conf.d/.htpasswd
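The following script is an added example for this tutorial, not part of the original page or of Nginx itself. It builds the same user:hash lines the htpasswd commands above produce, but with openssl passwd so it also works on hosts without apache2-utils/httpd-tools, creates the file with tight permissions instead of relying on htpasswd -c, verifies a password the way Nginx does (re-hash with the stored salt and compare), and decodes a captured Authorization header to show that Basic auth is only base64. The user names, passwords and file paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the original tutorial): manage an Nginx-compatible
# password file in plain sh and show what Basic auth really transmits.
# The users "developer"/"admin" and all passwords below are hypothetical.
set -eu

# One "user:hash" line in the apr1 (salted MD5) format that htpasswd emits by
# default and that auth_basic_user_file understands. The password is fed on
# stdin, never on the command line, so it does not show up in `ps` output.
htpasswd_entry() {
    user="$1"; password="$2"
    hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin)
    printf '%s:%s\n' "$user" "$hash"
}

# Add a user without ever truncating the file (htpasswd -c would). A new file
# is created 0640 so the Nginx worker user can read it through its group while
# other accounts cannot. Duplicate names are refused: Nginx stops at the first
# line whose user name matches, so a second entry would never be consulted.
add_user() {
    file="$1"; user="$2"; password="$3"
    if [ ! -e "$file" ]; then
        ( umask 027; : > "$file" )
    fi
    if grep -q "^$user:" "$file"; then
        echo "add_user: $user already present in $file" >&2
        return 1
    fi
    htpasswd_entry "$user" "$password" >> "$file"
}

# Check a password the same way Nginx does: take the salt out of the stored
# "$apr1$<salt>$<hash>" value, hash the candidate with that salt and compare.
verify_user() {
    file="$1"; user="$2"; password="$3"
    stored=$(grep "^$user:" "$file" | head -n 1 | cut -d: -f2-)
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    candidate=$(printf '%s\n' "$password" | openssl passwd -apr1 -salt "$salt" -stdin)
    [ "$stored" = "$candidate" ]
}

# Decode a captured "Authorization: Basic ..." header value. Basic auth is
# base64, not encryption: on plain HTTP anyone on the path recovers
# user:password with one command, which is why the tutorial insists on HTTPS.
decode_basic_header() {
    printf '%s' "${1#Basic }" | base64 -d
}

# Demo when run as `sh htpasswd_demo.sh demo` (needs openssl; uses a temp file).
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    add_user "$f" developer 'correct horse battery staple'
    add_user "$f" admin 'Tr0ub4dor&3'
    cat "$f"
    verify_user "$f" developer 'correct horse battery staple' && echo "developer: ok"
    verify_user "$f" developer 'wrong' || echo "developer with wrong password: rejected"
    decode_basic_header "Basic $(printf '%s' 'developer:correct horse battery staple' | base64)"
    echo
    rm -f "$f"
fi
```

Once the file is in place and Nginx is configured as in the next section, curl -u developer:PASSWORD -I https://example.com/admin/ should return 200, while the same request without -u returns 401 with a WWW-Authenticate: Basic realm="..." header. If you copy the generated file into /etc/nginx/conf.d/, set its group to the worker user (nginx or www-data) so the 0640 mode is enough for Nginx to read it.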
Configure HTTP Authentication for Nginx
As mentioned above, you can restrict access to the whole web server, a single website (using its server block), or a location block. Two directives are used to achieve this:
- auth_basic – turns on validation of username and password using the “HTTP Basic Authentication” protocol.
- auth_basic_user_file – specifies the password file.
Password Protect Nginx Virtual Hosts
To implement basic authentication for the entire web server, open the /etc/nginx/nginx.conf file and add the directives below inside the http context. Every server and location block then inherits them unless it overrides them (for example with auth_basic off):
http {
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ……...
}
Password Protect Nginx Website or Domain
In order to enable basic authentication for a specific domain or sub-domain, open its configuration file under /etc/nginx/conf.d/ or /etc/nginx/sites-available/ (depending on how you installed Nginx), then add the directives below inside the server block:
server {
    listen 80;
    server_name example.com;
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    location / {
        ……..
    }
    ……...
}
Password Protect Web Directory in Nginx
You may also enable basic authentication inside a location block. In the example below, only requests under /admin/ are asked to authenticate. The auth_basic off line in the /public/ block shows how to exempt a location when the directives are inherited from an enclosing server or http context.
server {
    listen 80;
    server_name example.com www.example.com;
    location / {
        ……..
    }
    location /admin/ {
        auth_basic "Restricted Access!";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    }
    location /public/ {
        auth_basic off;    # turns basic HTTP authentication off for this block
    }
    ……..
}
Test Basic HTTP Authentication
Check the configuration with nginx -t and reload Nginx before testing. Once basic HTTP authentication is configured, every user who tries to reach your web server, a sub-domain or a particular part of the site (depending on where you enabled it) is prompted for a username and password, as shown in the screenshot below.
If authentication fails or is cancelled, Nginx responds with a "401 Authorization Required" error; browsers keep re-prompting until valid credentials are entered.
One more thing...
Share this tutorial with your hosting administrator and networking expert friends, as it will help them and make my countless hours of work count.
Thanks