Overview
On an Apache server, it's possible to password protect a directory using .htaccess and .htpasswd files. However, .htaccess files are not supported on Nginx.
You can still password protect your directories, but you need to use a basic_auth.conf file instead.
In the following examples, username would be your Shell user and example.com your website.
Creating the file
- Log into your server via SSH.
- Navigate to your user's directory.
- Make sure you have a /home/username/nginx/example.com directory. This doesn't exist by default; you must create it by running the following:
[server]$ mkdir -p nginx/example.com
- In this /home/username/nginx/example.com directory, add a file named basic_auth.conf with the following:
location / { auth_basic "Restricted"; auth_basic_user_file /home/username/nginx/example.com/.htpasswd; }
- The auth_basic parameter is just the title of the prompt the user sees when visiting this directory.
- The auth_basic_user_file parameter specifies where the password file is. Note how its path is set to the /nginx directory.
- In this example, the location directive password protects the entire domain since it's pointing to /.
- If you want a subdirectory to be password protected, change the location directive as follows:
location /subdirectory/
- Run the following to create the .htpasswd file:
[server]$ htpasswd -c /home/username/nginx/example.com/.htpasswd LOGIN
- LOGIN is the username you want to be used to authenticate in the login prompt.
- After typing that command, enter a password and confirm it when prompted:
New password: Re-type new password: Adding password for user LOGIN
- Reload the nginx config file.
- In your browser, load the directory your /home/username/nginx/example.com/basic_auth.conf points to.
In the example above, this would be your domain's root directory since the location directive points to /.
- Enter a user/password when prompted to log in.
In this example, your username is LOGIN and the password is the one you created above.