Password protecting directories with Nginx

On an Apache server, it's possible to password protect a directory using .htaccess and .htpasswd files. However, .htaccess files are not supported on Nginx.

You can still password protect your directories, but you need to use a basic_auth.conf file instead:

  1. Log into your server via SSH.
  2. Navigate to your user's directory.
  3. Make sure you have a /home/username/nginx/example.com directory. This doesn't exist by default; you must create it by running the following:
    [server]$ mkdir -p nginx/example.com
    
  4. In this /home/username/nginx/example.com directory, add a file named 'basic_auth.conf' with the following:
    location / {
      auth_basic "Restricted";
      auth_basic_user_file /home/username/nginx/example.com/.htpasswd;
    }
    
    • The auth_basic parameter is just the title of the prompt the user sees when visiting this directory.
    • The auth_basic_user_file parameter specifies where the password file is. Note how its path is set to the /nginx directory.
    • In this example, the 'location' directive password protects the entire domain since it's pointing to '/'.
    • If you want a subdirectory to be password protected, change the 'location' directive as follows:
    location /subdirectory/
    
  5. Run the following to create the .htpasswd file:
    [server]$ htpasswd -c /home/username/nginx/example.com/.htpasswd LOGIN
    
    • LOGIN is the username you want to be used to authenticate in the login prompt.
  6. After typing that command, enter a password and confirm it when prompted:
    New password: 
    Re-type new password: 
    Adding password for user LOGIN
    
  7. Reload the nginx config file.
  8. In your browser, load the directory your /home/username/nginx/example.com/basic_auth.conf points to. *In the example above, this would be your domain's root directory since the 'location' directive points to /.
  9. Enter a user/password when prompted to log in.
    • In this example, your username is LOGIN and the password is the one you created above.

See also

Did this article answer your questions?

Article last updated .