Overview
The following explains how to password-protect directories for a website that's running on an Nginx server.
How this is different from Apache?
On an Apache server, it's possible to password protect a directory using .htaccess and .htpasswd files. However, .htaccess files are not supported on Nginx. You can still password protect your directories, but you need to use a basic_auth.conf file instead.
Prerequisites
This article assumes you have Created a Shell user and are able to log into your server via SSH.
Configuring a password-protected directory
The following steps explain how to create a configuration file and confirm it's working in a browser.
- Log into your server via SSH.
- Navigate to your user's directory.
- View the Nginx configuration file locations article to create your local /nginx/example.com directory.
- In this /home/username/nginx/example.com directory, create a file named basic_auth.conf with the following:
location / { auth_basic "Restricted"; auth_basic_user_file /home/username/nginx/example.com/.htpasswd; }
- username would be your Shell user and example.com your website.
- The auth_basic parameter is just the title of the prompt the user sees when visiting this directory.
- The auth_basic_user_file parameter specifies where the password file is. Note how its path is set to the /nginx directory.
- In this example, the location directive password protects the entire domain since it's pointing to /.
- If you want a subdirectory to be password protected, change the location directive as follows:
location /subdirectory/
- Run the following to create the .htpasswd file. LOGIN is the username you want to be used to authenticate in the login prompt. Change this to anything you like.
[server]$ htpasswd -c /home/username/nginx/example.com/.htpasswd LOGIN
- After typing that command, enter a password and confirm it when prompted:
New password: Re-type new password: Adding password for user LOGIN
- Reload the nginx config file.
- In your browser, load the directory your /home/username/nginx/example.com/basic_auth.conf points to. In the example above, this would be your domain's root directory since the location directive points to /.
- Enter a user/password when prompted to log in. In this example, your username is LOGIN and the password is the one you created above.