How to Password Protect Directories on Nginx (Ubuntu 18.04)

Endrit Qerreti

If you want to password protect a section or directory of your site so that it is only available after logging in with a username and password, you can do so with nginx HTTP basic auth. This feature stops people who don't have the credentials from accessing the section you are protecting.

Step 1 - Install Apache utils

Install the apache2-utils package first. It contains the htpasswd utility, which generates hashed passwords.

sudo apt install apache2-utils

Step 2 - Generate User and Password

In this step, we'll generate the username and its hashed password with the following command.

Note: replace owlhowto with your username

sudo htpasswd -c /etc/nginx/.htpasswd owlhowto

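Once you run the above command, you will be prompted to set a password for the username you selected. Type the password, then confirm it by typing it again. The -c option creates the file, so leave it out when you add more users to an existing file, otherwise the file is overwritten.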

To verify that the .htpasswd file was created, print it with the cat command

cat /etc/nginx/.htpasswd

The file contains the username you set and the hashed password. You can now move on to the next step.
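
An added example, not part of the original tutorial: a shell function that reads an htpasswd-format file like the one created above and reports which hash scheme each entry uses, flagging unsalted SHA-1, plaintext and traditional crypt entries. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the hash scheme of each entry in an htpasswd-format
# file and flag weak ones. Function names and sample data are constructed.

# classify_hash HASH -> prints "<scheme> <verdict>"
classify_hash() {
  case "$1" in
    '$apr1$'*)               echo "apr1-md5 ok" ;;         # salted, iterated MD5
    '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;           # nginx hands this to the system crypt()
    '$5$'*|'$6$'*)           echo "sha-crypt ok" ;;        # also checked by the system crypt()
    '{SHA}'*)                echo "sha1-unsalted weak" ;;  # one unsalted SHA-1 round
    '{PLAIN}'*)              echo "plaintext weak" ;;      # password stored in the clear
    ?????????????)           echo "des-crypt weak" ;;      # 13 chars: only 8 password chars count
    *)                       echo "unknown review" ;;
  esac
}

# audit_htpasswd FILE -> prints "<user> <scheme> <verdict>" per entry,
# returns 1 if any entry is not "ok".
audit_htpasswd() {
  rc=0
  while IFS=: read -r user hash || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac   # skip blank and comment lines
    result=$(classify_hash "$hash")
    echo "$user $result"
    case "$result" in *' ok') ;; *) rc=1 ;; esac
  done < "$1"
  return "$rc"
}

# Constructed sample entries; the hash strings are made up, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
owlhowto:$apr1$Cnstrctd$0123456789abcdefghijkl
legacy:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
oldcrypt:abCONSTRUCTD.
EOF
audit_htpasswd "$sample" || echo "weak entries found: set those passwords again with htpasswd"
rm -f "$sample"
```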

Step 3 - Setup Basic HTTP Auth

The path used below is the default nginx configuration file. If you have more than one site on your server, or if you want to password protect only one site, the file you should edit is located at /etc/nginx/sites-enabled/mysite.com

To set up basic auth on the default file

Open nginx config with nano or vim

sudo nano /etc/nginx/nginx.conf

To set up basic auth on the site you want

sudo nano /etc/nginx/sites-enabled/mysite.com

Then add the auth_basic and auth_basic_user_file directives to the location block

location / - Means it will password protect the whole site since it's just / and it doesn't specify

To protect only a directory you need to specify the location

Example: location /login - Will password protect the section /login, so when you browse to mysite.com/login you will be prompted to enter a username and password.

auth_basic - Enables basic auth and sets the realm, which is the name of the protected section shown in the login prompt

auth_basic_user_file - Is the path where the file .htpasswd is located

location /login {
  auth_basic "Admin's Area";
  auth_basic_user_file /etc/nginx/.htpasswd;
}

Once you have added your own configuration press CTRL + X to save the file

Next, to make sure you don't have any error on the config file, type:

sudo nginx -t 

If the output says the test is successful, you are good to go. If you get errors, take another look at the part of the config file where you made the change. The error message specifies the exact line where the error is, so it shouldn't be hard to find the cause; it could be a missing { or ;

Step 4 - Reload and Restart Nginx

All you need to do now is reload nginx and restart it

Reload nginx

sudo systemctl reload nginx 

Restart Nginx

sudo systemctl restart nginx

Once you have restarted nginx, test your site by browsing to the location that you password protected.

Conclusion

In this tutorial you learned how to password protect directories on Nginx.