Rijul Rajesh

How to Password-Protect Any URL Path in Nginx (The Simple Way)

There can be situations where you want to lock a specific page with a password, so other users can't access that particular page.

In such cases, a few tweaks to your nginx configuration file will help you achieve that.

Let me give you a brief idea of how the authentication works in nginx.

How HTTP Basic Auth works in Nginx

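  1. Usernames and password hashes are stored in a file that nginx reads.
  2. The browser shows a built-in login popup.
  3. The browser sends the credentials Base64-encoded in the Authorization header, and nginx checks them against the file. Base64 is an encoding, not encryption, so the site should be served over HTTPS. Based on the check, access is granted.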

Creation of the credentials file

To create the credentials file that nginx reads, we will use htpasswd.

If you haven't installed it earlier, install the apache2-utils package:

sudo apt install apache2-utils

Once that is installed, use the htpasswd command to generate the credential with the specified username.

sudo htpasswd -c /etc/nginx/.secret_pass username

When you run this, it will ask for the password. Enter the password you want, and the file will be generated.

Note: Use -c only the first time, because it creates the file.
If you run it again with -c, it will overwrite the existing file.
For adding users later, use:

sudo htpasswd /etc/nginx/.secret_pass anotheruser
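
As an added example (not from the original post, nginx or htpasswd), this script audits the credentials file created above: it lists each user's hash scheme, flags the `{SHA}` and `{PLAIN}` schemes that the nginx documentation says should not be used, and flags a file that every local account can read. The function names, the `FLAG:` labels and the sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a credentials file in the user:hash format htpasswd writes.
# hash_scheme, audit_htpasswd and the FLAG: labels are this example's own names.

# Classify one stored password field by its prefix.
hash_scheme() {
    case "$1" in
        '$apr1$'*)               echo "apr1-md5" ;;
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
        '$5$'*|'$6$'*)           echo "sha-crypt" ;;
        '{SSHA}'*)               echo "salted-sha1" ;;
        '{SHA}'*)                echo "FLAG:unsalted-sha1" ;;
        '{PLAIN}'*)              echo "FLAG:plaintext" ;;
        '')                      echo "FLAG:empty" ;;
        *)                       echo "FLAG:des-crypt-or-unknown" ;;
    esac
}

# Print "user scheme" per entry. Returns 1 if any entry is flagged or the file
# is readable by every local account, 2 if the file cannot be read.
audit_htpasswd() {
    local file=$1 rc=0 user hash scheme
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "FLAG:world-readable"
        rc=1
    fi
    while IFS=: read -r user hash _ || [ -n "$user" ]; do
        case "$user" in '') continue ;; esac   # skip blank lines
        scheme=$(hash_scheme "$hash")
        echo "$user $scheme"
        case "$scheme" in FLAG:*) rc=1 ;; esac
    done < "$file"
    return "$rc"
}

# Constructed sample entries (not real credentials); hash bodies are placeholders.
write_sample() {
    printf '%s\n' \
        'alice:$apr1$Zm9vYmFy$CONSTRUCTEDxxxxxxxxxxxx' \
        'bob:{SHA}Q09OU1RSVUNURURwbGFjZWhvbGRlcg==' \
        'carol:{PLAIN}constructed-example' > "$1"
}

# Usage: ./audit.sh /etc/nginx/.secret_pass   (run with sudo if the file is root-only)
if [ -n "${1:-}" ]; then audit_htpasswd "$1"; fi
```

If the file is flagged as world-readable, limit it to root and the group the nginx workers run as, for example owner root, group www-data and mode 640 (www-data is an assumption that fits Debian and Ubuntu).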

Modifying the configuration

In your nginx configuration file, you will need to add a location and specify the auth-related information there.

Here is an example.

location ^~ /your/protected/path {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.secret_pass;
    try_files $uri $uri/ =404;
}

Here, the location line specifies the path to be locked. auth_basic turns on authentication and sets the realm string sent to the browser, and auth_basic_user_file points to the .secret_pass credentials file created earlier.

Important: Make sure this block appears before any broader /your or /your/protected location blocks in the config, otherwise nginx will not use it.

The changes are done. Now let's test and restart.

Applying the changes

Run the following to validate the config.

sudo nginx -t

If there are no issues, you can reload nginx to see the changes.

sudo systemctl reload nginx

Final Results

Now that you have successfully applied the changes, you can visit the locked page, and the browser will show its built-in login popup.

Just enter your credentials and access is granted. Hope you have learned something new.
