Skip to main content
Sign in Menu

Password Protect Site or Directory with HTTP Auth

Kale Muscarella
  • Updated

Introduction

This guide will cover configuring Nginx to password-protect a directory on your AutoPilot deployment. Note that this form of authentication is basic, and you may want to consider options such as Cloudflare Zone Lockdown or Cloudflare Access instead.

Create User and Password File

Create an .htpasswd file, which stores login usernames and encrypted passwords.

read -p "Enter Username: " user; echo "$user:$(openssl passwd -apr1)" > /etc/nginx/conf.d/.htpasswd

You will be prompted to enter a username and password, and then the file will be saved.

Create Configuration File

/etc/nginx/conf.d/10-protected.conf

Protecting the Entire Site

Example Configuration Directives

####################################################
# This code will either allow you straight to the website if
# whitelisted or give you a login prompt when visiting site
####################################################
satisfy any;
allow 192.168.1.1; # Your public IP can be obtained at https://ip.jetrails.com
deny all;

auth_basic "Restricted area";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
#http auth end

Protecting Specific Directories

Example Configuration Directives

location ^~ /DIRECTORYNAME/ {
    ####################################################
    # This code will either allow you straight to the website if
    # whitelisted or give you a login prompt when visiting site
    ####################################################
    satisfy any;
    allow 192.168.1.1; # Your public IP can be obtained at https://ip.jetrails.com
    deny all;

    auth_basic "Protected Directory";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    #include /etc/nginx/conf.d/DOMAIN.COM/all-as-entrypoint.conf; # Optional without it PHP scripts will not run within the directory. If you need to run scripts within the directory, remove commnt '#'.
}

Replace DIRECTORYNAME with the name of the directory to password protect. Optionally, replace "Protected Directory" with the message you would like shown in the browser prompt.

Validate the Nginx configuration

sudo nginx -t

If no errors are shown, the configuration is valid and you may reload Nginx to apply the changes.

sudo systemctl reload nginx

 

Related articles

Comments

0 comments

Article is closed for comments.