Nginx: password protect a directory

Mattias Geniar, February 24, 2012

Nginx is a very powerful web server, often used as a replacement for Apache because of its speed. With Apache, you can very easily protect a directory with a custom username/password by using a .htaccess file. Nginx does not support that (since it’s a performance bottleneck), but it does offer a replacement.

This uses the auth_basic nginx module, which is available in nearly every installation of Nginx if you install it via a yum or apt repository.

Create a secure username and password combination

The first step is to generate a secure username and password to use. If you’re out of ideas and want a random password, I offer a password generator for that. At the command line of your server, type the following commands.

# mkdir -p /etc/nginx/passwd.d/
# htpasswd -c /etc/nginx/passwd.d/secure.passwd username

The above will create a directory called “/etc/nginx/passwd.d/” and will then prompt you for a password for the “username” user. The “-c” flag tells the htpasswd command to create a new file. If the file already exists because you’re adding multiple users, leave out the -c flag, since it would overwrite the existing file. You now have a file outside of your public directory with a secure username and password in it. Never store that secure.passwd file in your webroot: it should never be accessible via the webserver document root.

The configuration in Nginx

To secure a directory, use a configuration as follows.

server {
    listen 80;
    server_name mydomain.be;
 
    root /var/www/mydomain.be/htdocs;
    index index.html index.php;
 
    location /securedpage {
        auth_basic "Please enter valid credentials";
        auth_basic_user_file /etc/nginx/passwd.d/secure.passwd;
    }
}

The configuration snippet above will protect the directory “/securedpage” with the username and password you defined in the /etc/nginx/passwd.d/secure.passwd file.
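A check for the rule that the password file must never sit in the webroot, as an added example that is not part of the original post: it reads an nginx configuration and reports every auth_basic_user_file that lies under a root directory. The function names, the /bad location and its .htpasswd path are constructed for illustration; it assumes absolute paths without spaces and does not follow alias or include.

```sh
# Added example: flag auth_basic_user_file paths that sit under an nginx "root".
# Assumes absolute paths without spaces; "alias" and "include" are not followed.
# Lexically normalize an absolute path (collapses "//", "." and "..").
normalize_path() (
    IFS=/; set -f; out=
    for part in $1; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out=$out/$part ;;
        esac
    done
    printf '%s\n' "${out:-/}"
)

# Print the value of every "<directive> <value>;" line in config text $2.
directive_values() {
    printf '%s\n' "$2" | sed -n -E "s/^[[:space:]]*$1[[:space:]]+\"?([^\";[:space:]]+)\"?[[:space:]]*;.*/\1/p"
}

# Read a config on stdin; print one finding per exposed file, return 1 if any.
check_passwd_outside_root() {
    conf=$(cat); status=0; roots=$(directive_values root "$conf")
    for file in $(directive_values auth_basic_user_file "$conf"); do
        case $file in /*) ;; *) continue ;; esac   # relative paths: not resolved
        nfile=$(normalize_path "$file")
        for root in $roots; do   # every root in the file: a conservative check
            nroot=$(normalize_path "$root")
            # Trailing slashes keep /srv/site from matching /srv/site-private.
            case "$nfile/" in
                "${nroot%/}/"*) echo "EXPOSED: $file is inside root $root"; status=1 ;;
            esac
        done
    done
    return "$status"
}

# Constructed sample: the page's user file plus one misplaced inside the webroot.
sample_conf() {
    cat <<'EOF'
root /var/www/mydomain.be/htdocs;
location /securedpage {
    auth_basic_user_file /etc/nginx/passwd.d/secure.passwd;
}
location /bad {
    auth_basic_user_file /var/www/mydomain.be/htdocs/../htdocs/.htpasswd;
}
EOF
}
sample_conf | check_passwd_outside_root || true
```

To audit a real file, feed it on standard input, for example `check_passwd_outside_root < site.conf`, where site.conf stands for your own server block file.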