2.0 KiB
2.0 KiB
🔐🔑 Nginx SSL with HTTP Basic Authentication
📄 Example Secure Server Block (HTTPS + Password Protection)
listen 443 ssl;
server_name example.com www.example.com;
# 🔒 SSL Certificates (Generated by Certbot)
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# 📂 Website Root
root /var/www/example.com/html;
index index.html;
# 🔑 Password-Protected Location
location / {
auth_basic "Admin";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri $uri/ =404;
}
🗂️ Explanation of Key Parts
| Directive | Purpose |
|---|---|
auth_basic "Admin"; |
Enables HTTP Basic Authentication with prompt title “Admin”. |
auth_basic_user_file |
Points to the .htpasswd file containing username/password hashes. |
.htpasswd file |
Stores encrypted credentials — created using htpasswd command. |
| SSL lines | Load the certificate and private key from Certbot. |
🛠️ How to Set Up Password Protection
1️⃣ Install apache2-utils (for htpasswd tool)
apt install apache2-utils
2️⃣ Create the .htpasswd File
htpasswd -c /etc/nginx/.htpasswd <username>
-ccreates a new file (omit-cif adding more users).- You’ll be prompted to set a password.
3️⃣ Adjust File Permissions
chmod 640 /etc/nginx/.htpasswd
chown root:www-data /etc/nginx/.htpasswd
4️⃣ Test and Reload Nginx
nginx -t
systemctl reload nginx
⚠️ Security Notes
- Always store
.htpasswdoutside your web root. - Passwords in
.htpasswdare hashed, but still protect the file with correct permissions. - Works best for admin panels, staging sites, or private areas.