How To Configure Basic Authentication in NGINX

NGINX allows you to configure basic HTTP authentication, which restricts access to one or more pages on your website using a simple username and password. You can apply it in http, server or even location blocks, so you can use it to secure virtual hosts, websites, or sensitive pages of your website such as admin pages. In this article, we will look at how to configure basic authentication in NGINX.


Here are the steps to configure basic authentication in NGINX.


1. Install Apache Utils

We need the htpasswd utility to set up basic authentication. It is provided by the apache2-utils or httpd-tools package. Open a terminal and run the command for your distribution:

# yum install httpd-tools          # RHEL/CentOS
$ sudo apt install apache2-utils   # Debian/Ubuntu


2. Create User/Password

Next, run the htpasswd command to create a user who will be given access to your website.

# htpasswd -c /etc/nginx/conf.d/.htpasswd developer

We use the -c option to create the password file at the given location; if the file already exists, -c overwrites it. When you press Enter, you will be prompted for a password.

For that reason, when we add another user to the same file, we leave out the -c option.

# htpasswd /etc/nginx/conf.d/.htpasswd developer2


3. Open NGINX configuration file

Open a terminal and run the following command to open the NGINX server configuration file.

$ sudo vi /etc/nginx/nginx.conf

If you have configured a separate virtual host file for your website (e.g. www.example.com), such as /etc/nginx/sites-enabled/website.conf, then open that file with the following command instead.

$ sudo vi /etc/nginx/sites-enabled/website.conf

Alternatively, you can also open the default virtual host configuration file.

$ sudo vi /etc/nginx/sites-enabled/default


4. Password Protect NGINX

To password protect your website, or certain web pages, we need to use the auth_basic and auth_basic_user_file directives in the NGINX server configuration.

For example, if you want to configure basic authentication for all virtual hosts (an entire http block), add these two directives to the http block as shown below.

http{
   ...
   auth_basic "Restricted Access!"; 
   auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
   ...
}

In the above code, the auth_basic_user_file directive specifies the path of the password file, and the auth_basic directive specifies the message to be displayed in the login prompt.

Similarly, here's the code to protect a server block, that is, to implement basic authentication for a single website or domain.

server{
    ...
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ...
}

You can also configure basic authentication for specific web pages or subdirectories (e.g. /admin) by adding the auth_basic and auth_basic_user_file directives in a location block.

location /admin/ {
    ...
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ...
}


5. Restart NGINX Server

Run the following command to check the syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run the following command to reload or restart the NGINX server so that the change takes effect.

$ sudo service nginx reload       # Debian/Ubuntu
$ sudo systemctl restart nginx    # RHEL/CentOS


6. Verify basic authentication

Open a browser and visit the URL (e.g. www.example.com/admin) that you have protected. You should see an authentication prompt asking for the username and password.
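
The script below is an added example, not part of the original article: it audits the password file created in step 2 by reporting the hash scheme of each user, counting entries stored with the {PLAIN} or {SHA} schemes (which the NGINX documentation says should not be used), and checking whether the file is world-readable. The function names, the user "legacy" and all hash values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the password file that
# auth_basic_user_file points to. Reads "user:hash[:comment]" lines on stdin.

# Print the storage scheme of one password field, judged by its prefix.
classify_hash() {
    case "$1" in
        '{PLAIN}'*)     echo plaintext ;;      # nginx docs: should not be used
        '{SHA}'*)       echo unsalted-sha1 ;;  # nginx docs: should not be used
        '{SSHA}'*)      echo salted-sha1 ;;
        '$apr1$'*)      echo apr1-md5 ;;       # Apache MD5 variant
        '$2'[aby]'$'*)  echo bcrypt ;;         # htpasswd -B; needs crypt() support
        '$5$'*|'$6$'*)  echo sha-crypt ;;
        '')             echo empty ;;
        *)              echo other-crypt ;;    # handed to the system crypt()
    esac
}

# Print "user scheme" per entry, then a final "weak=N" summary line.
audit_htpasswd() {
    weak=0
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(classify_hash "$hash")
        echo "$user $scheme"
        case "$scheme" in
            plaintext|unsalted-sha1|empty) weak=$((weak + 1)) ;;
        esac
    done
    echo "weak=$weak"
}

# Succeeds if the file's mode grants read access to "other" users.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample entries; the hash values are placeholders, not real hashes.
sample_htpasswd() {
    cat <<'EOF'
# constructed sample
developer:$apr1$CONSTRUCTED$placeholderplaceholder
developer2:{SHA}CONSTRUCTEDplaceholder=
legacy:{PLAIN}constructed-example
EOF
}

sample_htpasswd | audit_htpasswd
```

To audit the real file, run audit_htpasswd < /etc/nginx/conf.d/.htpasswd as a user who can read it; the file must remain readable by the NGINX worker user.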
