How to set up Nginx htpasswd authentication in Ubuntu

By on November 23rd, 2019

Sometimes you need to protect some part of your application. It can be a directory or a URL. For instance, assume you have CSV files on your website that you and your team members want to access. But you do not want anonymous users to access those CSV files. In such cases, we have to password protect our directory or URL. If you are using the Nginx web server, you will learn how to password protect directories and locations using basic authentication, also known as htpasswd authentication.

In this short tutorial, I will show you how to set up Nginx htpasswd authentication on the Ubuntu server. We will also learn how to allow additional users to access a password-protected location on the website. So, let us get started.

If you are using the Apache web server, you can follow our guide to set up Apache htpasswd authentication.

Prerequisites

Before you start following the actual tutorial, make sure you are using an Ubuntu server with the Nginx web server running on it. You also need access to a non-root sudo user to install additional packages on the system.

If you are using the Nginx web server and you have a non-root sudo user to access the server, you can continue with the tutorial.

Install Apache2 Utils

First of all, we will install the apache2-utils package on our server. It will not install the Apache web server on our system, but it allows us to use the htpasswd utility to create and manage .htpasswd files on our server.

Execute the following commands to install the apache2-utils package on your server.

$ sudo apt-get update
$ sudo apt-get install apache2-utils

It might take a minute or two to install. Once the process is complete, we can use the htpasswd utility to create and manage password files.

Create a Password File

In this tutorial, I am going to create a password file inside Nginx’s configuration directory. But you can create your own password file anywhere you want on the server. To create a new password file along with a user, execute the following command.

$ sudo htpasswd -c /etc/nginx/.htpasswd demouser

Here, the -c argument is used to create a new file. The location of the password file is going to be /etc/nginx/.htpasswd and it will store a user with username demouser in that password file.

It will ask you to supply the password for our user, in this case, demouser. Enter the password and the htpasswd file is ready.

To create a new user in the same htpasswd file, execute the following command.

$ sudo htpasswd /etc/nginx/.htpasswd demouser2

As our password file already exists, we do not use the -c argument with the htpasswd command this time; -c rewrites the file, so using it again would remove the users already stored there. Similarly, you can add as many users as you want in a single password file. Now, let us learn how to use this password file to password protect directories on our website.

Note: It is not mandatory to use this exact name for the password file. You can name it as you like.
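The password file is the only store of credentials in this setup, and when it is created through sudo with a default umask it is typically readable by every local account. The following is an added example, not part of the original tutorial: a small audit that reports a world-readable mode, entries stored with an unsalted or plaintext scheme, and duplicate usernames. The function names are illustrative and are not part of htpasswd or Nginx.

```bash
#!/usr/bin/env bash
# Added example: audit an htpasswd-style password file before Nginx uses it.
# Function names are illustrative; they are not part of htpasswd or Nginx.

# Map one stored password field to the scheme that produced it.
htpasswd_scheme() {
    case "$1" in
        '$apr1$'*)                 echo apr1 ;;          # htpasswd default, salted MD5
        '$2y$'*|'$2a$'*|'$2b$'*)   echo bcrypt ;;        # htpasswd -B
        '{SHA}'*)                  echo sha1-unsalted ;; # htpasswd -s
        '{PLAIN}'*)                echo plaintext ;;
        '')                        echo empty ;;
        *)                         echo other ;;
    esac
}

# Print one WARN line per finding, then a SUMMARY line with the total.
audit_htpasswd() {
    local file mode user hash rest scheme warns dup
    file=$1
    warns=0
    mode=$(stat -c '%a' "$file") || return 2
    case "$mode" in
        *[4567])   # "other" read bit set: any local account can copy the hashes
            echo "WARN mode $mode is world-readable"
            warns=$((warns + 1)) ;;
    esac
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(htpasswd_scheme "$hash")
        case "$scheme" in
            sha1-unsalted|plaintext|empty)
                echo "WARN user $user uses scheme $scheme"
                warns=$((warns + 1)) ;;
        esac
    done < "$file"
    # A repeated name usually means a stale entry that was never removed.
    for dup in $(cut -d: -f1 "$file" | grep -v '^#' | sort | uniq -d); do
        echo "WARN user $dup appears more than once"
        warns=$((warns + 1))
    done
    echo "SUMMARY $warns finding(s)"
}
```

On Ubuntu, where the Nginx worker processes run as www-data, setting the owner to root:www-data and the mode to 640 clears the first finding while keeping the file readable to Nginx.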

Update Nginx Virtual Host

In Nginx, we have to update our virtual host file to apply our password file to a specific location. If you do not know what virtual hosts are, I recommend that you learn that part from our guide on Nginx virtual hosts.

In this tutorial, I am going to apply the password file in the default Nginx virtual host. But you can perform the same action on any other virtual host too! Execute the following command to open the Nginx virtual host in edit mode.

$ sudo nano /etc/nginx/sites-available/default

You can replace default with the name of your virtual host if you want to update another virtual host file. Now, in the location block of the virtual host, enter the configuration just like the following.

server {
    # ... existing server directives ...
    location / {
        # ... existing location directives ...
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Here, do not forget to replace /etc/nginx/.htpasswd with the absolute path of your own password file if you stored it elsewhere. After adding these lines in the virtual host file, press CTRL+X followed by Y followed by the Enter key to save the virtual host file.

We have to restart the Nginx web server to apply changes. Execute the following command to restart the Nginx web server.

$ sudo service nginx restart

Now, try to access your website in a new tab. It will ask you for a username and password. With the correct username and password combination, it will allow you to access the location. If you enter an incorrect username and password combination, it will return the 401 Unauthorized status code.

Conclusion: So, this is how you can password protect your website running on Nginx using htpasswd. If you want to protect a specific directory, you can create a new location block in your virtual host file. It is very easy to manage users and password files once you understand how it works. If you have any questions, please let us know in the comment section given below. We will get back to you with help as soon as possible.

One Response to “How to set up Nginx htpasswd authentication in Ubuntu”

  1. Srikanth Kidambi says:

    I have similar settings in line with what is presented here. However, I don’t see the login page. I have added something similar for apache without any issues on the same system, but this one on Nginx is not working.

    Here is what I have within the webroot section,

    location / {

    return 301 https://domainname$host$request_uri;

    auth_basic "Basic Auth";
    auth_basic_user_file "/etc/nginx/.htpasswd";

    }

    This is placed within the virtualhost config file of interest.

    Any suggestions in this regard would be appreciated.
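The location quoted in this comment holds both a return and an auth_basic directive. return belongs to Nginx's rewrite module, which runs before the access phase where auth_basic is checked, so the redirect is sent and no credential prompt appears. The following is an added example, not part of the original post or comment: a heuristic lint that reports location blocks combining the two. find_preempted_auth is an illustrative name, and the check does not follow include files or auth_basic inherited from the server level.

```bash
#!/usr/bin/env bash
# Added example: flag location blocks where a return pre-empts auth_basic.
# find_preempted_auth is an illustrative helper, not an Nginx tool.
# Heuristic only: a return inside a nested "if" is reported as well.

find_preempted_auth() {
    awk '
        # Strip comments so commented-out directives are ignored.
        { sub(/#.*/, "") }

        # Start tracking at the outermost location block.
        /^[ \t]*location[ \t]/ && !inloc {
            inloc = 1; depth = 0; start = NR
            has_ret = 0; has_auth = 0
            name = $2
            # Skip a location modifier to report the actual pattern.
            if ($2 == "=" || $2 == "~" || $2 == "~*" || $2 == "^~") name = $3
        }

        inloc {
            line = " " $0
            if (line ~ /[ \t;{]return[ \t]/) has_ret = 1
            # auth_basic_user_file does not match: "_" follows the name.
            if (line ~ /[ \t;{]auth_basic[ \t]/ && line !~ /auth_basic[ \t]+off/)
                has_auth = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0 && $0 ~ /[}]/) {
                if (has_ret && has_auth)
                    printf "line %d: location %s: return runs before auth_basic\n", start, name
                inloc = 0
            }
        }
    ' "$1"
}
```

Keeping the redirect in the plain-HTTP server block and auth_basic in the HTTPS server's location lets the prompt appear. It also keeps the Basic credentials, which are only base64-encoded, off unencrypted connections.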
