Authenticate Users in Nginx using htpasswd basic authentication
Published on

Authenticate Users in Nginx using htpasswd basic authentication

Authors

Introduction

htpasswd is a command-line utility that allows you to create and update flat files used to store usernames and password for basic authentication of HTTP users. In this article, we will see how to use htpasswd to create a password file and use it to authenticate users in Nginx.

You'll need to install apache2-utils package to use htpasswd command.

sudo apt-get install apache2-utils

Now let's see how to create a password file called temp using htpasswd. We will add a user user1 to the password file.

htpasswd -c temp user1

It will prompt you to enter the password for the user user1. Once you enter the password, it will create a file called temp with the username and password hash.

The contents of the file temp will look like this.

user1:$apr1$fOPzyqoK$6CJAVC7XTN9Sg3g5FGBhr0

Here user1 is the username and $apr1$fOPzyqoK$6CJAVC7XTN9Sg3g5FGBhr0 is the password hash. We can't decrypt the password hash to get the original password. If we want to add more users to the password file, we can use the below command.

htpasswd temp user2

To test the authentication with htpass cli

htpasswd -v temp user1
Enter password:
Password for user user1 correct.

Configuring Nginx

Now let's see how to use the password file .htpasswd which we can create using the above method to authenticate users in Nginx. We will create a simple Nginx configuration that will prompt the user to enter the username and password to access the website.

# redirect http to https
server {
  listen 80;
  listen [::]:80;
  server_name snrahul.com;
  return 301 https://$server_name$request_uri;
}

server {
  root /var/www/snrahul.com;

  listen 443 ssl;
  listen [::]:443 ssl;

  index index.html;

  server_name snrahul.com;

  gzip on;
  gzip_proxied any;
  gzip_types application/javascript application/x-javascript text/css text/javascript;
  gzip_comp_level 5;
  gzip_buffers 16 8k;
  gzip_min_length 256;

  ssl_certificate /etc/cloudflare/snrahul.com/snfullchain.pem;
  ssl_certificate_key /etc/cloudflare/snrahul.com/snprivkey.pem;

  auth_basic "Restricted Content";
  auth_basic_user_file /etc/nginx/snrahul.com/.htpasswd;        

  location / {
        try_files $uri $uri/ =404;
    }
}

In the above configuration, we have added the auth_basic directive to enable basic authentication. The auth_basic_user_file directive is used to specify the password file which we created using htpasswd. You can add this configuration to your Nginx configuration file and reload the Nginx service.

Then you can access the website in the browser. It will prompt you to enter the username and password to access the website.

Password Protect Website

If you enter a valid username and password defined in the password file, you will be able to access the website. You see see your website content.

Access Website

If you enter an invalid username or password, you will see the below error message.

Unauthorized