Gaming industry under DDoS attack. Get DDoS protection now. Start onboarding
Under attack? Log in
Sign up for free

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Log in
Contact us
Contact us Sign up for free
  1. Home
  2. Developers
  3. How to Configure Basic Authentication in NGINX

How to Configure Basic Authentication in NGINX

  • By Gcore
  • September 1, 2023
  • 2 min read
How to Configure Basic Authentication in NGINX

Configuring basic authentication in NGINX is an essential step for anyone looking to add an extra layer of security to their web pages. By restricting access to authorized users, you can ensure your content remains exclusive and your server stays protected. This guide will walk you through the straightforward process, ensuring you’re well-equipped to fortify your NGINX setup.

Setting up Basic Authentication in NGINX

Setting up Basic Authentication in NGINX is a fundamental security measure to restrict unauthorized access to your web server’s specific areas. By prompting users for a username and password, you ensure that only authorized personnel can access certain resources. Here are step-by-step instructions, complete with descriptions, inputs, and expected outputs:

#1 Install httpd-tools

This tool provides the htpasswd utility, which we’ll use to create a password file by running this command:

sudo apt-get install apache2-utils

#2 Create a Password File

Using htpasswd, create a password file. The -c option is used only when creating a new file.

sudo htpasswd -c /path/to/.htpasswd username

Replace ‘username’ with the desired username you’re working with. You’ll be prompted to enter and confirm your password. Replace ‘/path/to/’ with the actual path where you intend to store your password file. While ‘.htpasswd’ is a commonly used name for this file, you can rename it if you prefer.

Once you run the command, the output should look like this:

New password:Re-type new password:Adding password for user username

Make sure to type your password slowly and carefully to prevent any mistakes. This approach can help ensure accuracy and avoid potential access issues.

#3 Configure NGINX for Basic Authentication

Modify your NGINX configuration file to reference the password file. Open your NGINX configuration:

sudo nano /etc/nginx/sites-available/default

Add or modify the location block you wish to protect. For instance:

location /protected/ {    auth_basic "Administrator Login";    auth_basic_user_file /etc/nginx/.htpasswd;}

Once you’re done, save by pressing ‘CTRL + O’, and then press ‘Enter’ to confirm. To exit the editor, press ‘CTRL + X’.

#4 Reload NGINX

Apply the changes by reloading NGINX.

sudo systemctl reload nginx

#5 Test Basic Authentication

Navigate to the protected location in your web browser. As a result, a login prompt will appear, asking for the username and password. After entering the correct credentials, you should be able to access the resource. Entering incorrect credentials will result in an authorization error.

That’s all! With these steps, you’ve acquired the knowledge to set up basic authentication in NGINX. This added layer of security ensures that only authorized users can access specific parts of your website, enhancing its protection against unauthorized access. Remember to always use strong, unique passwords and periodically review your security configurations.

Related articles

CDN Caching: What It Is and How It Works

Every second of load time costs you. During a traffic spike, an uncached origin server can buckle under the pressure, and CDN caching can offload 70% to 90% of that traffic before it ever reaches your Gcore infrastructure. For a user in New

What Is an Edge Server?

Picture an autonomous vehicle doing 70 mph on the highway, waiting on a response from a data center hundreds of miles away. Or a surgeon depending on real-time imaging that freezes mid-procedure because data has to make a round trip across

What is Cache Hit Ratio and How Can You optimize It?

Every cache miss is a trip your server didn't need to make. And those trips add up fast. Sites with poorly optimized caching can see cache hit ratios as low as 70%, meaning three in 10 requests are hitting your origin server directly, dragg

What Is a High Availability Server?

Every minute your servers are down, your business is bleeding. For e-commerce sites, healthcare platforms, and revenue-critical applications, an outage isn't just an inconvenience. It's a direct hit to your bottom line, your reputation, and

Cloud vs Dedicated Server: Which Is Right for You?

Your server choice could be quietly costing you, or quietly holding you back. Pick the wrong infrastructure for your workload and you're either overpaying for idle hardware every month or watching your site buckle under traffic spikes you c

VPS vs Dedicated Server
VPS vs Dedicated Server: Which One Do You Need?

Your site is humming along fine, until it isn't. Traffic spikes, page loads crawl, and your hosting plan buckles under pressure right when it matters most. Choosing between a VPS and a dedicated server isn't just a technical checkbox. It's

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe