NGINX password protect directory

How to Password Protect Directory in Nginx

Sometimes you may need to prevent unauthorized access to specific files and directories on your website. For this, you can set up HTTP basic authentication for those directories. In this article, we will look at how to password protect a directory in NGINX.


Here are the steps to password protect a directory in NGINX.


1. Install Apache Utils

We need the htpasswd utility to create the password file that NGINX will check. It ships in the apache2-utils package (Debian/Ubuntu) or the httpd-tools package (RHEL/CentOS). Open a terminal and run the command for your distribution:

# yum install httpd-tools          # RHEL/CentOS
$ sudo apt install apache2-utils   # Debian/Ubuntu



2. Create User/Password

Next, run the htpasswd command to create a user that will be given access to your website. Replace developer below with your choice of username.

# htpasswd -c /etc/nginx/conf.d/.htpasswd developer

The -c option creates the password file at the given path. When you press Enter, you will be prompted for a password.

When you add another user, omit -c so that the existing password file is updated instead of being overwritten.

# htpasswd /etc/nginx/conf.d/.htpasswd developer2



3. Open NGINX configuration file

Open a terminal and run the following command to open the NGINX server configuration file.

$ sudo vi /etc/nginx/nginx.conf

If you have configured a separate virtual host for your website (e.g. www.example.com) in its own file, such as /etc/nginx/sites-enabled/website.conf, open that file instead:

$ sudo vi /etc/nginx/sites-enabled/website.conf

Alternatively, you can also open the default virtual host configuration file.

$ sudo vi /etc/nginx/sites-enabled/default



4. Password Protect NGINX

To password protect a directory, certain web pages or even your entire website, use the auth_basic and auth_basic_user_file directives in the NGINX server configuration.

For example, to require basic authentication for all virtual hosts, add these two directives to the http block as shown below.

http{
   ...
   auth_basic "Restricted Access!"; 
   auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
   ...
}

In the above code, the auth_basic directive sets the message shown in the login prompt, and the auth_basic_user_file directive gives the path of the password file.

Similarly, here’s the code to protect a server block, that is, to require basic authentication for a single website or domain.

server{
    ...
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ...
}

You can also configure basic authentication for specific web directories/subdirectories (e.g. /admin) by adding the auth_basic and auth_basic_user_file directives in a location block for that directory.

location /admin/ {
    ...
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ...
}



5. Restart NGINX Server

Run the following command to check the syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run the following command to restart the NGINX server so that the change takes effect.

$ sudo service nginx reload     # Debian/Ubuntu
$ sudo systemctl restart nginx  # RHEL/CentOS



6. Verify basic authentication

Open a browser and visit the URL (e.g. www.example.com/admin) that you have protected. You should see an authentication prompt asking for a username and password.
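
A command-line counterpart to the browser check, as an added example that is not part of the original article: it confirms that a request without credentials gets a 401 with a Basic challenge, and flags the case where that challenge is served over plain HTTP. The function names, the script name check_auth.sh and the sample response are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Function names are made up for this sketch.

# Constructed sample: headers NGINX returns for the auth_basic config shown above.
SAMPLE_401='HTTP/1.1 401 Unauthorized
Server: nginx
WWW-Authenticate: Basic realm="Restricted Access!"'

# auth_verdict URL HEADERS: classify the response to an unauthenticated request.
#   PROTECTED            401 with a Basic challenge, over https
#   PROTECTED_CLEARTEXT  401 with a Basic challenge, over plain http
#                        (Basic credentials are only base64-encoded on the wire)
#   NO_CHALLENGE         401 without a "WWW-Authenticate: Basic" header
#   OPEN                 2xx, content is served without credentials
#   UNEXPECTED:<code>    anything else (redirect, 403, 404, ...)
auth_verdict() {
    av_headers=$(printf '%s\n' "$2" | tr -d '\r')
    # Several status lines can appear (e.g. "100 Continue"); keep the last one.
    av_status=$(printf '%s\n' "$av_headers" | awk '/^HTTP\//{c=$2} END{print c}')
    av_basic=$(printf '%s\n' "$av_headers" |
        grep -ic '^www-authenticate:[[:space:]]*basic' || true)
    case $av_status in
        401)
            if [ "$av_basic" -eq 0 ]; then
                echo NO_CHALLENGE
            else
                case $1 in
                    https://*) echo PROTECTED ;;
                    *)         echo PROTECTED_CLEARTEXT ;;
                esac
            fi ;;
        2??) echo OPEN ;;
        *)   echo "UNEXPECTED:$av_status" ;;
    esac
}

# check_url URL [USER]: fetch headers with curl and report. When USER is given,
# curl prompts for the password so it never lands in shell history.
check_url() {
    cu_headers=$(curl -sS --max-time 10 -o /dev/null -D - "$1") || return 2
    echo "unauthenticated: $(auth_verdict "$1" "$cu_headers")"
    if [ -n "${2:-}" ]; then
        cu_code=$(curl -sS -o /dev/null -w '%{http_code}' -u "$2" "$1")
        echo "authenticated as $2: HTTP $cu_code"
    fi
}

# Run only when a URL is passed: sh check_auth.sh https://www.example.com/admin/ developer
if [ "$#" -gt 0 ]; then check_url "$@"; fi
```

An OPEN verdict for a path you meant to protect usually means the auth_basic directives are in a different block than the one serving that path.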
