How To Set Up HTTP Authentication With Nginx On Ubuntu
In the realm of web server management, protecting your application and limiting access to authorized users is paramount. One efficient way to secure your websites is through HTTP Basic Authentication. In this blog post, we will guide you step-by-step on how to set up HTTP Authentication with Nginx on an Ubuntu server.
What is HTTP Authentication?
HTTP Authentication requires users to enter a username and password before they can access your website or specific resources. This method acts as a first line of defense against unauthorized access, providing an additional layer of security on top of SSL/TLS.
Prerequisites
Before we dive into the setup, ensure you have the following:
- An Ubuntu server with Nginx installed.
- An SSH client to connect to your server.
- Basic understanding of the terminal commands.
If you haven’t installed Nginx yet, you can do so with the following commands:
sudo apt update
sudo apt install nginx
Step 1: Install the htpasswd Utility
The htpasswd utility, which is part of the apache2-utils package, allows you to create and manage user authentication files.
To install it, run:
sudo apt install apache2-utils
Step 2: Create a Password File
Next, we’ll create a password file that will store your users’ credentials. You can create this file in any directory, but it’s common to store it in /etc/nginx/ for organization.
Here’s how to create the password file. In this example, we will create a user named “admin”:
sudo htpasswd -c /etc/nginx/.htpasswd admin
You’ll be prompted to enter a password for the user. The -c option is used to create a new file. If you want to add more users later, simply run the command without the -c option:
sudo htpasswd /etc/nginx/.htpasswd anotheruser
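The password file built in Step 2 holds one user:hash line per account. The script below is an added example, not part of the original guide: it reports the hash scheme of each entry and flags a file that every local account can read. The function names are hypothetical, and the scheme detection assumes the prefixes htpasswd writes ($apr1$, $2y$, {SHA}).

```shell
#!/bin/sh
# Added example, not from the original post: audit an htpasswd-format file.
# Function names are hypothetical.

# Map a stored hash to its scheme from the prefix htpasswd writes.
hash_scheme() {
    case "$1" in
        '$2y$'*)   echo bcrypt ;;          # htpasswd -B
        '$apr1$'*) echo apr1-md5 ;;        # htpasswd default (-m)
        '{SHA}'*)  echo sha1-unsalted ;;   # htpasswd -s
        '')        echo empty ;;
        *)         echo crypt-or-plain ;;  # htpasswd -d or -p
    esac
}

# Print one "user scheme verdict" line per entry.
# Exit status: 0 clean, 1 something flagged, 2 file unreadable.
# The body is a subshell so its variables stay local.
audit_htpasswd() (
    file=$1
    flagged=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }

    # The credentials file should not be readable by every local account.
    if [ -n "$(find "$file" -maxdepth 0 -perm -004)" ]; then
        echo "PERMS world-readable: $file"
        flagged=1
    fi

    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # blank lines, comments
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            bcrypt|apr1-md5) verdict=ok ;;          # salted and iterated
            *) verdict=WEAK; flagged=1 ;;
        esac
        echo "$user $scheme $verdict"
    done < "$file"
    exit "$flagged"
)

# Run as: sudo sh audit.sh /etc/nginx/.htpasswd
[ $# -eq 0 ] || audit_htpasswd "$1"
```

A non-zero exit status means at least one entry or the file mode was flagged, so the script can gate a deployment step.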
Step 3: Configure Nginx
Now, you need to configure Nginx to use the password file for authentication. Open your Nginx configuration file with your preferred text editor. For example, if you’re configuring the default server block, you can open it with nano:
sudo nano /etc/nginx/sites-available/default
Within the server { ... } block, add the following lines to secure a specific location (e.g., root directory):
location / {
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
Here’s a brief breakdown of the configuration:
- auth_basic "Restricted Access"; : This line triggers the authentication prompt that users will see, and you can customize the message as needed.
- auth_basic_user_file /etc/nginx/.htpasswd; : This line specifies the path to the password file we created earlier.
If you want to protect a specific directory or endpoint, change the location clause accordingly.
Step 4: Test the Configuration
Before reloading Nginx to apply your changes, test the configuration to ensure there are no errors:
sudo nginx -t
If there are no errors reported, you should see a message like “syntax is ok” and “test is successful.”
Step 5: Reload Nginx
After verifying the configuration, you can safely reload Nginx to apply your changes:
sudo systemctl reload nginx
Step 6: Verify HTTP Authentication
Open your web browser and navigate to the website or protected resource you configured. You should see a prompt asking for a username and password. Enter the credentials you created earlier.
If everything has been set up correctly, you will be granted access to the site upon successful authentication.
Conclusion
Implementing HTTP Authentication with Nginx on Ubuntu is an effective way to add an extra layer of security to your web server. By following the steps outlined in this guide, you can easily protect sensitive areas of your website from unauthorized access.