How to Configure Basic HTTP Authentication in Nginx


Basic HTTP authentication is a security mechanism to restrict access to your website/application or some parts of it by setting up simple username/password authentication. It can be used essentially to protect the whole HTTP server, individual server blocks (virtual hosts in Apache) or location blocks.


As the name suggests, it is not a secure method to rely on; you should use it in conjunction with other more reliable security measures. For instance, if your web application is running on HTTP, then user credentials are transmitted in plain text (Basic authentication only Base64-encodes them, it does not encrypt them), so you should consider enabling HTTPS.

The purpose of this guide is to help you add a small but useful layer of security to protect private/privileged content on your web applications (such as, but not limited to, the administrator side). You can also use it to prevent access to a website or application which is still in the development phase.

Requirements

  1. Install LEMP Stack in CentOS/RHEL 7
  2. Install LEMP Stack in Ubuntu/Debian

Create HTTP Authentication User File

You should start by creating a file that will store username:password pairs. We will use the htpasswd utility from Apache HTTP Server to create this file.

First check that apache2-utils or httpd-tools, the packages which provide the htpasswd utility, is installed on your system; otherwise, run the appropriate command for your distribution to install it:

    # yum install httpd-tools          [RHEL/CentOS]
    $ sudo apt install apache2-utils   [Debian/Ubuntu]

Next, run the htpasswd command below to create the password file with the first user. The -c option creates the password file (an existing file of the same name is overwritten); once you hit [Enter], you will be asked to enter the user's password.

    # htpasswd -c /etc/nginx/conf.d/.htpasswd developer

Add a second user, and do not use the -c option here.

    # htpasswd /etc/nginx/conf.d/.htpasswd admin

Now that you have the password file ready, proceed to configure the parts of your web server that you want to restrict access to. To view the password file content (which includes usernames and hashed passwords), use the cat command below.

    # cat /etc/nginx/conf.d/.htpasswd

View HTTP Password File
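The check below is an added example, not part of the original guide: a shell function that reads an htpasswd-style file such as the one created above, reports the hash scheme of each entry, and flags schemes and file modes worth fixing. The scheme prefixes follow the password formats nginx documents for auth_basic_user_file; the function names and the sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an htpasswd-style file used by auth_basic_user_file.

# Map a stored password field to the scheme that produced it.
classify_hash() {
  case "$1" in
    '')                      echo "empty" ;;
    '$apr1$'*)               echo "apr1-md5" ;;       # htpasswd -m (the usual default)
    '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;         # htpasswd -B
    '{SSHA}'*)               echo "sha1-salted" ;;
    '{SHA}'*)                echo "sha1-unsalted" ;;  # htpasswd -s
    '{PLAIN}'*)              echo "plaintext" ;;
    *)                       echo "crypt-or-other" ;; # crypt() string or unrecognised
  esac
}

# Succeeds when "other" users on the host can read the file.
world_readable() {
  [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print "user scheme verdict" per entry; return 1 if anything needs fixing.
audit_htpasswd() {
  local file=$1 findings=0 user hash scheme verdict
  while IFS=: read -r user hash _; do
    case "$user" in ''|'#'*) continue ;; esac   # blank line or comment
    scheme=$(classify_hash "$hash")
    case "$scheme" in
      empty|plaintext|sha1-unsalted) verdict="WEAK"; findings=1 ;;
      crypt-or-other)                verdict="REVIEW" ;;
      *)                             verdict="ok" ;;
    esac
    printf '%s %s %s\n' "$user" "$scheme" "$verdict"
  done < "$file"
  if world_readable "$file"; then echo "FILE world-readable"; findings=1; fi
  return "$findings"
}

# Demo on constructed entries (placeholder hashes, not real credentials).
demo() {
  local f; f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed sample
developer:$apr1$CONSTRCT$placeholderplaceholder00
admin:{SHA}constructedPlaceholderValue000=
EOF
  chmod 640 "$f"; local rc=0; audit_htpasswd "$f" || rc=$?; rm -f "$f"; return "$rc"
}
if [ "${1:-}" = "--demo" ]; then demo; elif [ -n "${1:-}" ]; then audit_htpasswd "$1"; fi
```

The password file only needs to be readable by the Nginx worker user (nginx on RHEL/CentOS, www-data on Debian/Ubuntu), so a mode such as 640 with that user's group is enough.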

Configure HTTP Authentication for Nginx


As we mentioned earlier on, you can restrict access to your webserver, a single web site (using its server block) or a location directive. Two useful directives can be used to achieve this.

  • auth_basic – turns on validation of user name and password using the “HTTP Basic Authentication” protocol.
  • auth_basic_user_file – specifies the password file.

Password Protect Nginx Virtual Hosts


To implement basic authentication for the whole web server, which applies to all server blocks, open the /etc/nginx/nginx.conf file and add the lines below in the http context:

    http {
        auth_basic           "Restricted Access!";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        ……...
    }

Password Protect Nginx Website or Domain

To enable basic authentication for a particular domain or sub-domain, open its configuration file under /etc/nginx/conf.d/ or /etc/nginx/conf/sites-available (depending on how you installed Nginx), then add the configuration below in the server block (context):

    server {
        listen      80;
        server_name example.com;
        auth_basic           "Restricted Access!";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        location / {
            ……..
        }
        ……...
    }

Password Protect Web Directory in Nginx


You can also enable basic authentication within a location directive. In the example below, all users trying to access the /admin location block will be asked to authenticate.

    server {
        listen      80;
        server_name example.com www.example.com;

        location / {
            ……..
        }
        location /admin/ {
            auth_basic           "Restricted Access!";
            auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        }

        location /public/ {
            auth_basic off;    # turns off basic HTTP authentication for this block
        }
        ……..
    }

If you have configured basic HTTP authentication, any user who tries to access your web server, a sub-domain or a specific part of a site (depending on where you implemented it) will be asked for a username and password, as shown in the screenshot below.

Nginx Basic Authentication

In case of a failed user authentication, a “401 Authorization Required” error will be displayed as shown below.


401 Authorization Required Error

You can find more information at Restricting Access with Basic HTTP Authentication.


In this guide, we showed how to implement basic HTTP authentication in the Nginx HTTP web server.