We will demonstrate you how to setup HTTP Authentication with Nginx on Ubuntu in this article. We are using Ubuntu 16.04.1 and have nginx version: nginx/1.10.0 installed in our machine.

“htpasswd” is used to create and update the files used to store usernames and password for basic authentication of HTTP users.

1.  apache2-utils

The first step is to check whether “htpasswd” is available on our machine or not. 

Run the following on the terminal

 $ apt list --installed | grep apache2-utils

It will display the following package if already installed

apache2-utils/xenial-updates,xenial-security,now 2.4.18-2ubuntu3.1 amd64 [installed,automatic]

If you get no listing, then install “apache2-utils” using the command below

sudo apt-get install apache2-utils

2. Create username and password

Now we create the .htpasswd file supplying the username and the password. Run the following command to do it.

sudo htpasswd -c /etc/nginx/.htpasswd myauthuser

Here ‘/etc/nginx/.htpasswd’ is our flat-file and ‘myauthuser’ is the username.

When you run the above command, it will prompt you for a password. Once you enter the password, it will ask you to Re-type the password. Just follow the instructions and proceed further.

3. Update Nginx configuration

Its time now to update the Nginx configuration file. The Nginx configuration files can be found at /etc/nginx/sites-available/ directory. Lets say we have only the default configuration file, lets open it using the vi editor.

sudo vi /etc/nginx/sites-available/default

We need to add the following two lines for the domain path we want to secure.

auth_basic "Protected Area";
auth_basic_user_file /etc/nginx/.htpasswd;

Here are the configuration file contents after adding the above two lines

server {
    listen 80 default_server;
    server_name default;

    root /var/www/html;
    index index.html index.htm index.php;

    location / {
        auth_basic "Protected Area";      #For Basic Authentication 
        auth_basic_user_file /etc/nginx/.htpasswd;     #Basic Authentication

        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log off;
    error_log /var/log/nginx/default-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ /\.ht {
        deny all;
    }
}

4. Reload the Nginx Configuration

The configuration changes will not reflect until reload the configuration or you restart the Nginx server .

To just reload the Nginx configuration, execute the following command

sudo service nginx reload

To restart the Nginx server, execute the following command

sudo service nginx restart

Now access the domain path you have just secured in browser, it will prompt you for a username or password. Enter the username and password we created in Step 2.

Great! we secured our domain path.