Nginx/Password
From charlesreid1
To password protect a folder on an Nginx server:
- Create an .htpaasswd file that contains the username and the hashed password
- instruct nginx to use the .htpasswd file to authenticate users trying to access a particular location
Create the Password File
OpenSSL
Here we use openssl to create the password file, which is a hidden file called .htpasswd in the /etc/nginx configuration directory.
Suppose you want to let people access the web server using the username foo and the password bar.
Set the username foo and the password bar using openssl, using /etc/nginx/.htpasswd as the destination:
sudo sh -c 'printf "<user>:$(openssl passwd -apr1 <your password>)\n" >> /etc/nginx/.htpasswd'
NOTE: leave out the password to be interactively prompted for it (more secure):
sudo sh -c 'printf "<user>:$(openssl passwd -apr1)\n" >> /etc/nginx/.htpasswd'
You can repeat this process for additional usernames. You can see how the usernames and encrypted passwords are stored within the file by typing:
cat /etc/nginx/.htpasswd
Output
foo:$apr1$wI1/ER4B$kTOuTJHkTWkekoQnXqC1d1
Modify sites-available file
Here is an example original nginx default sites-available:
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ =404;
}
}
To modify this to use the .htpasswd file we created above, add the two directives:
auth_basicauth_basic_user_file
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}