You may occasionally need to restrict access to particular files and directories on your website. NGINX lets you do this quickly by configuring HTTP basic authentication for those directories. In this tutorial, we'll look at how to password-protect a directory in NGINX.
How to Protect a Directory in Nginx using a Password
The steps to password-protect a directory in NGINX are listed below.
1. Install Apache Utilities
To password-protect files and directories in NGINX, we need the htpasswd utility, which is provided by the httpd-tools or apache2-utils package. Run the following command in a terminal window.
# yum install httpd-tools    # RHEL/CentOS
$ sudo apt install apache2-utils    # Debian/Ubuntu
2. Make a user and password
After that, issue the htpasswd command to create a user with access to your website. Change developer to the username of your choosing below.
# htpasswd -c /etc/nginx/conf.d/.htpasswd developer
The -c option creates the password file at the given path. A password prompt will appear once you hit enter.
When you add another user to the existing file, omit the -c option; with -c the file would be created again and its existing entries lost.
# htpasswd /etc/nginx/conf.d/.htpasswd developer2
3. Open the NGINX configuration file
Run the following command in a terminal to open the NGINX server configuration file.
$ sudo vi /etc/nginx/nginx.conf
If you've set up a separate virtual host for your website (for example, www.example.com), open its configuration file instead:
$ sudo vi /etc/nginx/sites-enabled/website.conf
You can also access the default virtual host configuration file as an alternative.
$ sudo vi /etc/nginx/sites-enabled/default
4. NGINX Password Protection
To password-protect a directory, specific web pages, or even your entire website, use the auth_basic and auth_basic_user_file directives in the NGINX server configuration.
For instance, to configure basic authentication for all virtual hosts, add the two directives to the http block as shown below.
http {
    # …
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    # …
}
In the code above, the auth_basic_user_file directive specifies the path to the password file, and the auth_basic directive specifies the message to be displayed.
Similarly, to protect a single website or domain, add the directives to its server block.
server {
    # …
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    # …
}
By using the directives auth_basic and auth_basic_user_file in a location block for a particular web directory or subdirectory (for example, /admin), you can additionally establish basic authentication for that directory.
location /admin/ {
    # …
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    # …
}
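The three placements above combine through inheritance: directives set at an outer level apply to every block inside it unless a block overrides them. The following is an added example, not part of the original tutorial, that protects a whole server block and exempts a single location with auth_basic off. The certificate paths, document root and /status location are assumptions.

```nginx
# Added example; certificate paths, root and /status are placeholders.
server {
    listen 443 ssl;
    server_name www.example.com;

    # Basic authentication sends the username and password base64-encoded
    # (not encrypted) with every request, so the site is served over TLS.
    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    root /var/www/html;                                    # placeholder path

    # Set at server level: inherited by every location below.
    auth_basic           "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

    location / {
        # No auth directives here, so the server-level ones apply.
        try_files $uri $uri/ =404;
    }

    location = /status {
        # "off" cancels the inherited auth_basic for this location only.
        auth_basic off;
        return 200 "ok\n";
    }
}
```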
5. Restart the NGINX Server
To verify the changed config file's syntax, run the command below.
$ sudo nginx -t
If there are no issues, run the following command to reload or restart the NGINX server.
$ sudo service nginx reload    # Debian/Ubuntu
$ sudo systemctl restart nginx    # RHEL/CentOS
6. Confirm basic authentication
Open a browser and go to the protected URL (such as www.example.com/admin). An authentication prompt asking for a username and password should appear.