Htpasswd Password Protect your Website using NGINX 1.11.4

HTTP Authentication using htpasswd and nginx

HTTP Authentication using htpasswd and nginx

When you use NGINX 1.11.4 and you want to protect your website or a directory within your website, try the following simple code to get you going. Initially I had some trouble setting it up myself and believe this article be a great help for all.

You’ll need:

  1. Root access or SSH access to your webserver
  2. NGINX webserver
  3. patience

Create user and password

Before we start specifying what location we want to protect we have to specify first create a user and password for the protected site

  1. To create a new user type the following command line code in SSH. You’ll be prompted for a password afterwards

Try to use a directory that is above or outside the www or website folder. Using /etc/nginx/ folder to store our .htpasswd file is a smart choice.

2. To add more users

Protect a folder, website, where-ever & whatever!

Open your website configuration file, in /etc/nginx/conf.d folder. Then open up your website configuration file, usually it’ll have the extension .conf, that is your clue that is the configuration file. You’ll add the following to your existing website configuration, add this anywhere between the server { and } tags.

Adjusting & Explanations

If you wanted to protect your entire site, you can change the location to

Similarly for any location, you can adjust as needed. In the event that your website or service needs to access any files within the folder, the 127.0.0.1 IP mentioned means our system can communicate as needed. As long as your IP is also added, you should also be able to access the directory and then be prompted for a username and password. Speaking about location, you are probably wondering why there is another location mentioned in the codes above.

Similar to how the initial location helped nginx to find the directory that is being protected, this location variable acts the same way. That line of code specifically says any file found with \.php ending or any php file will be processed by sending it to our internal webserver. This is commonly on port 9000.

To summarize, protecting a website is important. Protecting using a HTTP authentication like htpasswd is a reliable method of protection. As a final point be sure to utilize firewalls and not rely on .htpasswd alone for protection. Lastly if you have any questions, comment below.

Loading Facebook Comments ...

Leave a Reply

Your email address will not be published.

Loading Disqus Comments ...