By continuing to navigate on this website, you accept the use of cookies to serve you more relevant services & content.
For more information and to change the setting of cookies on your computer, please read our Cookie Policy.

How to setup http password authentication with nginx

HTTP Authentication is used to allow access limit to a site or particular directories by validating the username and password.

Usernames and passwords are taken from a file created(.htaccess file) and we can have many no of username/password combinations to restrict the access.

We can also use other access restriction methods to HTTP Authentication, for example limiting access by IP or place. 

In this tutorial, we'll learn how to add http authentication to nginx site using username and password

Step1:

You need to install nginx in your server to add HTTP authentication.

Nginx is one of the most popular web servers in the world. It can handles load balancing, content caching, web serving, security controls, and monitoring in one easy-to-use software package.

    sudo apt-get update

    sudo apt-get install nginx

We can know status of nginx server by the following command:

    sudo service nginx status

Step2:

We are using the htpassword command to store all the usernames and passwords to restrict access to a site.

apache2-utils package supports the htpassword command, so we also need to install apache-server

    sudo apt-get install apache2-utils


That password and the associated username will be stored in a file that you specify. The password will be encrypted and the name of the file can be anything you like.

Here, we use the file /etc/nginx/.httppassword and the username testuser.

    sudo htpasswd -c /etc/nginx/.httppassword testuser


We can check the username/password information in the file that we have specified at the time of creation

    nano /etc/nginx/.htpasswd

It will have all the username/passwords to site and will store all the passwords, and these will be encrypted using either bcrypt, MD5, crypt()

Step3:

Now we should add this username/pasword information to our nginx configuration.

Add the below lines to the configuration file of the website under the location section.

     auth_basic "Private Property";

     auth_basic_user_file /etc/nginx/.htpasswd;

The value of auth_basic is any string, and will be displayed at the authentication prompt, the value of auth_basic_user_file is the path to the password file that was created at username/pasword creation.

Then nginx will validate the given information to the actual username/password. If it's valid, then it allows to render the website pages, otherwise it will render the 401 Authorization Required message

Step4:

To apply the changes to a server, restart nginx.

    sudo service nginx reload

Now you can see HTTP authentication which will ask you a username/password to access the website. If You give correct credentials, you can access the website, otherwise it will return 401 authorization required message.

    Posted On
  • 01 March 2017
  • By
  • Micropyramid

Need any Help in your Project?Let's Talk

Latest Comments
Related Articles
Ansible Galaxy Introduction.

Ansible Galaxy is the hub of ansible scripts contributed by users. To follow this article its important that you know about ansible. We have a ...

Continue Reading...
Understanding Logstash Parsing Configurations and options

In This Tutorial we will learn to customize Logstash to parse any type of Log Files. Logstash helps us to process logs and other event ...

Continue Reading...
How to backup and restore mysql, postgresql and mongodb databases

Data loss can happen when we accidentally delete the files, or when server crashes or system fails, or when we applied migrations to the data ...

Continue Reading...
open source packages

Subscribe To our news letter

Subscribe and Stay Updated about our Webinars, news and articles on Django, Python, Machine Learning, Amazon Web Services, DevOps, Salesforce, ReactJS, AngularJS, React Native.
* We don't provide your email contact details to any third parties