Apply Basic Authentication With Nginx

Security

By Chandrashekhar Fakirpure

Updated on Jan 26, 2024

In this tutorial, we'll explain how to apply basic authentication with Nginx. HTTP Basic authentication lets us restrict access to a website, or to parts of it, by requiring a username and password.

When setting up a web server, there are often pages or paths of the website that you want to restrict access to. Although web applications frequently come with their own permission and authentication systems, if these are insufficient or not available, access can be restricted by the web server itself.

We are using apache2-utils (Debian, Ubuntu) or httpd-tools (RHEL/CentOS/Rocky Linux/AlmaLinux) to create the password file. It is a purpose-built utility.

1. Install Apache Utilities

First, we need to install the Apache utilities package, which provides the htpasswd utility.

Execute the following commands to install the apache2-utils package (Debian, Ubuntu):

sudo apt update
sudo apt install apache2-utils -y

Execute the following commands to install the httpd-tools package (RHEL/CentOS/Rocky Linux/AlmaLinux):

sudo dnf update -y
sudo dnf install httpd-tools -y

2. Create password file

To create the password file, we will use the htpasswd command. The following command creates a password file that Nginx can use to authenticate users. We will create a hidden dot file named .htpasswd within the /etc/nginx configuration directory.

sudo htpasswd -c /etc/nginx/.htpasswd admin

Note: Replace admin with your desired username.

The above command will ask you to enter the password and then re-enter it. Remember that password; we need it to log in. If you want to add another user, remove the -c option. It is needed only the first time, because -c creates the file and overwrites an existing one.

Verify that the username and hashed password were added to the .htpasswd file.

cat /etc/nginx/.htpasswd

Output:

admin:$apr1$QUtLrtE9$BfdPf8CYfC3yaJxK4GBvt.
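The output above stores the user name and a hashed password separated by a colon. As an added example (not part of the original tutorial), the script below audits such a file: it reports the hash scheme of each entry and flags weak entries and a world-readable file. The function names, the verdict labels and the sample entries other than the admin line are assumptions made for this example.

```shell
# Added example: audit an htpasswd-style file (function names are hypothetical).

# classify_hash HASH -> "<scheme> <verdict>" for one password field.
classify_hash() {
  case "$1" in
    '$apr1$'*)               echo "apr1-md5 legacy" ;;    # salted MD5 variant, as in the tutorial's output
    '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;          # e.g. htpasswd -B; needs crypt() support on the host
    '$5$'*|'$6$'*)           echo "sha-crypt ok" ;;       # SHA-256/512 crypt, also via crypt()
    '{SSHA}'*)               echo "ssha legacy" ;;        # salted, single-round SHA-1
    '{SHA}'*)                echo "sha1-unsalted weak" ;;
    '{PLAIN}'*)              echo "plaintext weak" ;;
    '')                      echo "empty weak" ;;
    *)                       echo "unknown review" ;;
  esac
}

# audit_htpasswd FILE -> one "user scheme verdict" line per entry.
# Returns 1 if the file is world-readable or any entry is weak or malformed.
audit_htpasswd() {
  file=$1; rc=0
  if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
    echo "PERM world-readable"; rc=1
  fi
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;                               # blank line or comment
      *:*) ;;                                            # looks like name:password
      *) echo "MALFORMED $line"; rc=1; continue ;;
    esac
    user=${line%%:*}; rest=${line#*:}; hash=${rest%%:*}  # name:password[:comment]
    set -- $(classify_hash "$hash")
    echo "$user $1 $2"
    if [ "$2" = weak ]; then rc=1; fi
  done < "$file"
  return "$rc"
}

# Constructed sample: the first entry is the tutorial's output, the rest are invented.
write_sample() {
  cat > "$1" <<'EOF'
admin:$apr1$QUtLrtE9$BfdPf8CYfC3yaJxK4GBvt.
deploy:{SHA}CONSTRUCTED-PLACEHOLDER=:old entry
guest:{PLAIN}example
EOF
}

sample=$(mktemp) && write_sample "$sample" && chmod 640 "$sample"
audit_htpasswd "$sample" || echo "audit reported findings"
rm -f "$sample"
```

To audit the real file, run `sudo sh -c '. ./audit.sh; audit_htpasswd /etc/nginx/.htpasswd'`, where audit.sh is a hypothetical file name for the script above.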

3. Configure Nginx Password Authentication

Now that we have created the password file with the username and password, let's add its path to the Nginx configuration file and configure what we want to protect. We need to add the following lines in the server block.

auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;

It should look like:

server {
  listen 80;
  server_name <Server IP or Domain Name>;
  index index.html index.php;
  root /usr/share/nginx/example;

  # Basic authentication
  auth_basic "Restricted Content";
  auth_basic_user_file /etc/nginx/.htpasswd;

  # logging
  access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
  error_log /var/log/nginx/error.log warn;
}

We can also apply password authentication to a specific path only. We just need to add the auth_basic directives in that location block, as shown below:

location /admin {
  try_files $uri $uri/ =404;
  auth_basic "Restricted Content";
  auth_basic_user_file /etc/nginx/.htpasswd;
}


4. Test and restart Nginx service

To apply the change, we need to test the configuration for errors and restart the Nginx service.

sudo nginx -t
sudo systemctl restart nginx

Open your browser and access the website. A login prompt will pop up asking for a username and password. Enter the username and password you created earlier.

That's it. We have seen how to apply basic authentication with Nginx.