Nginx Basic Authentication NGINX

Oct 26th, 2018 - written by Kimserey with .

Basic authentication provides an easy way to password protect an endpoint on our server. Today we will see how we can create a password file and use it to enable basic authentication on Nginx.

If you haven’t seen Nginx before, you can have a look at my previous blog post on Getting started with Nginx

Create a Password

To create a password, we will use the apache2-utils tool called htpasswd.

1
2
sudo apt-get update
sudo apt-get install apache2-utils

htpasswd allows use to create passwords encrypted stored in a file

1
sudo htpasswd -c /etc/myapp/.htpasswd user1

-c is used to create the file. If we want to add other users we can omit the parameter.

1
sudo htpasswd /etc/myapp/.htpasswd user2

Now if we navigate to /etc/myapp/ we will be able to find our .htpasswd file containing encrypted passwords together with usernames.

Enable Basic Authentication

Enabling basic authentication can be achieved by using the auth_basic and auth_basic_user_file directives.

1
2
3
4
location /test {
    auth_basic "Administrator's Area";
    auth_basic_user_file /etc/ek/.htpasswd;
}

The auth_basic defines the realm where the basic auth operates. Now when we navigate to the location, we should be prompted with the basic auth dialog box.

To add another layer of security, we can use allow x.x.x.x and deny x.x.x.x to restrict access to only certain ip addresses where x.x.x.x being the ip address targeted. We can also target a range by specifying a mask x.x.x.x/x.

1
2
3
4
5
6
satisfy all
allow x.x.x.x;
deny all;

auth_basic "Administrator's Area";
auth_basic_user_file /etc/ek/.htpasswd;

Reusable Configuration

In order to reuse the configuration we can extract it and put it in a auth_basic file and ip_access file under /etc/nginx/conf.d.

We would create /etc/nginx/conf.d/basic_auth:

1
2
auth_basic "Administrator's Area";
auth_basic_user_file /etc/ek/.htpasswd;

And under /etc/nginx/conf.d/ip_access:

1
2
allow x.x.x.x;
deny all;

And we would use it with the include directive:

1
2
3
4
location /test {
    include conf.d/basic_auth;
    include conf.d/ip_access;
}

This allows us to reuse the configuration in different location and also different site files. And this concludes today’s post for basic authentication with Nginx!

Conclusion

Today we saw how to enable basic authentication for nginx using htpasswd. We saw how to configure the basic auth using the auth_basic and auth_basic_user_file directives and saw how to restrict access by IP to add a second layer of security. Lastly we saw how we could move the configuration to separate reusable configuration files which can be reused using the include directive. Hope you liked this post, see you next time!

Designed, built and maintained by Kimserey Lam.