Tutorial

How To Set Up HTTP Authentication With Nginx On Ubuntu 12.10

Published on April 30, 2013

Venkat

How To Set Up HTTP Authentication With Nginx On Ubuntu 12.10

Not using Ubuntu 12.04?Choose a different version or distribution.

Ubuntu 12.04

What the Red Means

The lines that the user needs to enter or customize will be in red in this tutorial! The rest should mostly be copy-and-pastable.

About Nginx

Nginx (pronounced as 'engine x') is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev that is flexible and lightweight program when compared to apache. The official nginx documentation is here.

Prerequisites

As a prerequisite, we are assuming that you have gone through the article on how to set up your VPS and also have installed Nginx on it. If not, you can find the article on setting up the VPS in the initial server setup article and you can find more information on installing nginx in our community.

Step 1: Apache Utils

We need htpasswd to create and generate an encrypted for the user using Basic Authentication. Install apache2-utils using the command below.

  sudo apt-get install apache2-utils

Step 2: Create User and Password

Create a .htpasswd file under your website directory being served by nginx. The following command would create the file and also add the user and an encrypted password to it.

  sudo htpasswd -c /etc/nginx/.htpasswd exampleuser

The tool will prompt you for a password.

New password:
Re-type new password:
Adding password for user exampleuser

The structure of the htpasswd file would be like this:

login:password

Note that this htpasswd should be accessible by the user-account that is running Nginx.

Step 3: Update Nginx configuration

Your nginx configuration file for the website should be under /etc/nginx/sites-available/. Add the two entries below under for the domain path that you want to secure.

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

The second line is the location of the htpasswd file for your website.

For example, lets say our nginx configuration file is /etc/nginx/sites-available/website_nginx.conf, open the file using vi or any editor of your choice.

 
  sudo vi /etc/nginx/sites-available/website_nginx.conf

Then add the two lines into the following path:

 
 server {
  listen       portnumber;
  server_name  ip_address;
  location / {
      root   /var/www/mywebsite.com;
      index  index.html index.htm;
      auth_basic "Restricted";                                #For Basic Auth
      auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
  }
}

Step 4: Reload Nginx

To reflect the changes on our website reload the nginx configuration and try to access the domain that has been secured using Basic Authentication.

$ sudo /etc/init.d/nginx reload
* Reloading nginx configuration...

Now try to access your website or the domain path that you have secured and you will notice a browser prompt that asks you to enter the login and password. Enter the details that you used while creating the .htpasswd file. The prompt does not allow you to access the website till you enter the right credentials.

And voila! You have your website domain path secured using Nginx's Basic Authentication.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors

Venkat

author

Still looking for an answer?

Ask a question Search for more help

Was this helpful?

9 Comments

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

pushkin • February 19, 2015

The author of Nginx is Igor Sysoev (http://en.wikipedia.org/wiki/Igor_Sysoev), please correct the typo.

beertruck • July 2, 2015

Creators last name is Igor Sysoev. You are missing “v” in the last name.

d61db07b15444e1d90318eac626fbc • June 27, 2015

If you want to password protect a subfolder, here is what I found out by following this guide - see section 3 - https://www.howtoforge.com/basic-http-authentication-with-nginx

Create a location block starting with “location /this/subfolder/path” For example:

location /this/subfolder/path {
auth_basic "Restricted";
auth_basic_user_file /var/www/domain/current/public//this/subfolder/path/.htpasswd;
}

Don’t forget to reload the nginx.config

wchess2001 • April 16, 2014

I found this tutorial useful, just wanted to add that in some cases you may want to prevent this Authorization header from being proxied upstream; in which case you should add (where appropriate to your needs):

# do not relay basic auth header
proxy_set_header Authorization "";

martijnk • December 8, 2015

Digital Ocean has very accurate clear and clean instructions that work, thanks!

georgejlondon • June 5, 2015

Very helpful thanks!

Pacoup • January 30, 2015

Keep in mind placing the auth_basic directives within a location block will make the HTTP authentication only active for that particular location.

This could be not what was intended, especially in dynamic site configurations (e.g. Drupal, WordPress) where multiple location statements may exist.

You can place the auth_basic directives directly in the server block to make it valid for the entire virtual host.

mrmoodh • December 8, 2013

In case you don’t want to install apache2-utils you could always use an online generator like http://www.htaccesstools.com/htpasswd-generator/ to encrypt the password.

Of course it’s not as safe so think through your use case. :)

Darren Terhune • June 23, 2013

This took me ages to figure out using Rails/Unicorn as all documentation for Rails/Unicorn online I found showed location like:

location @unicorn

I had to switch that to just

location /

Then it worked like a charm. Before the http auth settings were just ignored.