# πŸ”πŸ”‘ Nginx SSL with HTTP Basic Authentication ## πŸ“„ Example Secure Server Block (HTTPS + Password Protection) ```nginx listen 443 ssl; server_name example.com www.example.com; # πŸ”’ SSL Certificates (Generated by Certbot) ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # πŸ“‚ Website Root root /var/www/example.com/html; index index.html; # πŸ”‘ Password-Protected Location location / { auth_basic "Admin"; auth_basic_user_file /etc/nginx/.htpasswd; try_files $uri $uri/ =404; } ``` --- ## πŸ—‚οΈ Explanation of Key Parts | Directive | Purpose | | ---------------------- | ------------------------------------------------------------------- | | `auth_basic "Admin";` | Enables **HTTP Basic Authentication** with prompt title β€œAdmin”. | | `auth_basic_user_file` | Points to the `.htpasswd` file containing username/password hashes. | | `.htpasswd` file | Stores encrypted credentials β€” created using `htpasswd` command. | | SSL lines | Load the certificate and private key from **Certbot**. | --- ## πŸ› οΈ How to Set Up Password Protection ### 1️⃣ Install `apache2-utils` (for `htpasswd` tool) ```bash apt install apache2-utils ``` ### 2️⃣ Create the `.htpasswd` File ```bash htpasswd -c /etc/nginx/.htpasswd ``` * `-c` creates a **new file** (omit `-c` if adding more users). * You’ll be prompted to set a password. ### 3️⃣ Adjust File Permissions ```bash chmod 640 /etc/nginx/.htpasswd chown root:www-data /etc/nginx/.htpasswd ``` ### 4️⃣ Test and Reload Nginx ```bash nginx -t systemctl reload nginx ``` --- ## ⚠️ Security Notes * Always store `.htpasswd` **outside** your web root. * Passwords in `.htpasswd` are hashed, but still protect the file with correct permissions. * Works best for **admin panels**, **staging sites**, or private areas.