If you want to password protect an section/directory on your site and make it available to login with an username and password, you can do so by using nginx HTTP basic auth. This function allows you to stop other people who don't have the logins from accessing the section you are protecting.
Step 1 - Install Apache utils
Package apache2-utils should be installed first, this package contains the htpasswd package which allows you to generate hashed passwords.
sudo apt install apache2-utils
Step 2 - Generate User and Password
In this step, we'll be generating the hashed password and username by using this command
Note: replace owlhowto with your username
sudo htpasswd -c /etc/nginx/.htpasswd owlhowto
Once you type the above command, you will be prompted to set a password for the username you selected, type password and then confirm it by typing it again.
and it should look like this
To verify if file .htpasswd was successfully created, you can check it with the cat command
cat /etc/nginx/.htpasswd
As you can see in the screenshot above, the file contains the username you set and the hashed password, now you should be good to move to the next step.
Step 3 - Setup Basic HTTP Auth
The path below is the default nginx configuration, if you have more than 1 site on your server, or if you want to password protect only one site then the file you should edit is located at /etc/nginx/sites-enabled/mysite.com
To set up basic auth on the default file
Open nginx config with nano or vim
sudo nano /etc/nginx/nginx.conf
To set up basic auth on the site you want
sudo nano /etc/nginx/sites-enabled/mysite.com
Then simply add the parameters auth_basic and auth_basic_user_file to location
location / - Means it will password protect the whole site since it's just / and it doesn't specify
To protect only a directory you need to specify the location
Example : location /login - Will password protect the section /login, so when you browse to mysite.com/login you will be prompted to enter Username and password.
auth_basic - Is the name of the section
auth_basic_user_file - Is the path where the file .htpasswd is located
location /login {
auth_basic "Admin's Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Once you have added your own configuration press CTRL + X to save the file
Next, to make sure you don't have any error on the config file, type:
sudo nginx -t
If you get test is successful then you are good to go, if you get errors then you should go and take a look again at the config file where you added the change, the errors also specify the exact line where the error is, so it shouldn't be that hard to know what's causing it, could be a missing { or ;
Step 4 - Reload and Restart Nginx
All you need to do now is reload nginx and restart it
Reload nginx
sudo systemctl reload nginx
Restart Nginx
sudo systemctl restart nginx
Once you have restarted nginx, test your site by browsing to the location that you password protected.
Conclusion
In this tutorial you learned how to password protect directories on Nginx.