HTTP Password Authentication on NGINX Server

Quite often you may wish to restrict access to a site while it is under development or used only as a staging site. I like to use HTTP password authentication for this purpose; I find it more useful than restricting HTTP access by IP address, as you often need to access a site from a different IP. It is better to restrict access with IP addresses for protocols such as SSH or FTP which pose a greater security risk than HTTP.

Anyway, here is a quick walkthrough on setting up HTTP authentication on an NGINX server running on the Ubuntu (14.04) operating system. The two files which you will need to create and/or update are:

  • Your NGINX configuration file in /etc/nginx/sites-available/
  • A .htpasswd file which is normally kept in your /etc/nginx/ directory

STEP 1: MAKE SURE YOU HAVE APACHE UTILS INSTALLED

To create a .htpasswd file you need to have the apache2-utils package installed so you can run the htpasswd command. First check whether the htpasswd command is available to you by running the following in your terminal:

$ which htpasswd
/usr/bin/htpasswd

If you don’t see a path like /usr/bin/htpasswd in the terminal output it means you need to install the apache2-utils package by running:

$ sudo apt-get install apache2-utils

STEP 2: CREATE YOUR USERNAME AND PASSWORD

Create your username and password with the following command (replacing the name john with your desired username):

$ sudo htpasswd -c /etc/nginx/.htpasswd john

You will then be prompted to enter your new password. Note that the -c flag which we passed with the command creates the .htpasswd file from scratch and will overwrite any existing .htpasswd. So, if you need to add another user without deleting any existing users, use the htpasswd command without the -c flag.

STEP 3: UPDATE NGINX CONFIGURATION

Your nginx configuration file for the website should be under /etc/nginx/sites-available/. It may be the default configuration file or one which you created. Open whichever one you are using for your website with a text editor and place the following two lines of code within the server{} context of your configuration file.

auth_basic "Restricted website - authorised access only";
auth_basic_user_file /etc/nginx/.htpasswd;

So the beginning of your configuration file should look something like:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        auth_basic "Restricted website - authorised access only";
        auth_basic_user_file /etc/nginx/.htpasswd;
        index index.html index.htm;
        # lots of omitted code
}

STEP 4: RELOAD NGINX

Finally reload your new configuration into your NGINX server with the following command:

$ sudo service nginx reload

Now you should see the following dialog prompting you for the username and password you created when you go to your website.

[Image: HTTP Auth Alert]
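As an added check that is not part of the original post, the shell functions below audit the password file created in Step 2: they flag entries stored as {PLAIN} or {SHA} (both marked "should not be used" in the nginx auth_basic_user_file documentation), empty entries, and a file that every local user can read. The function names and scheme labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: audit_htpasswd /etc/nginx/.htpasswd

# Print "user scheme" for each entry of the file given as $1. The prefixes
# are the password types listed in the nginx auth_basic_user_file docs.
htpasswd_schemes() {
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac    # skip blanks, comments
        case "$hash" in
            '$apr1$'*)  echo "$user apr1" ;;          # Apache MD5 variant
            '{SSHA}'*)  echo "$user ssha" ;;          # salted SHA-1
            '{SHA}'*)   echo "$user sha-unsalted" ;;  # docs: should not be used
            '{PLAIN}'*) echo "$user plain" ;;         # docs: should not be used
            '')         echo "$user empty" ;;         # no password field at all
            *)          echo "$user crypt" ;;         # handled by system crypt()
        esac
    done < "$1"
}

# Print the users whose entry is plaintext, unsalted SHA-1 or empty.
weak_users() {
    htpasswd_schemes "$1" | while read -r user scheme; do
        case "$scheme" in sha-unsalted|plain|empty) echo "$user" ;; esac
    done
}

# Succeed if "other" has read permission on the file (mode bit 004).
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Print one warning per finding; return 0 when clean, 1 otherwise.
audit_htpasswd() {
    rc=0
    if world_readable "$1"; then
        echo "WARN: $1 is readable by every local user"; rc=1
    fi
    for u in $(weak_users "$1"); do
        echo "WARN: user '$u' has a weak or empty password entry"; rc=1
    done
    return $rc
}
```

The audit covers the password file only. Basic authentication sends the username and password base64-encoded, not encrypted, on every request, so a server block that listens only on port 80 as shown above exposes them in transit unless the site is served over TLS.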

For more information on restricting access on NGINX servers see this post from NGINX.