During web development, there are times when we need to limit access to our website. One way to do this is to require users to authenticate with a username and password.
This article walks through the steps to configure Basic Authentication to protect an Nginx server running on Ubuntu Server.
Requirements
- Prepare one Ubuntu Server VPS
- Install Nginx as a web server

    sudo apt-get update
    sudo apt-get install nginx
Create a file to save passwords
To generate the password hash we can use OpenSSL.
If the server already has OpenSSL, you can move on to the next step. If not, install it first with:

    sudo apt install libssl-dev
    sudo apt install openssl
Create a .htpasswd file to store the username and password inside the /etc/nginx/basic-auth directory. If there are multiple websites running on this server, you can create a separate file for each website, for example .htpasswd-web, .htpasswd-another-web.
First we add the login name to the .htpasswd file. For example, to use the username username, run:

    # Create the directory first if it does not exist yet
    sudo mkdir -p /etc/nginx/basic-auth
    sudo sh -c "echo -n 'username:' >> /etc/nginx/basic-auth/.htpasswd"
Next, append the hashed password for username (the -apr1 option selects the Apache MD5-based scheme) with the command:

    sudo sh -c "openssl passwd -apr1 >> /etc/nginx/basic-auth/.htpasswd"
After running the above command, enter the desired password, confirm it, and then press Enter.
To view the content of the newly created .htpasswd file, run:

    cat /etc/nginx/basic-auth/.htpasswd
The content has the form below, which means we have successfully created an account and password:

    username:$apr1$2KLGvvZj$6DYTtfzjTIlI0HPQOhLbG0
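Because the entry is written by two separate appends, a failed or interrupted second command leaves a half-written line in the file. The following check is an added example, not part of the original article; the function name check_htpasswd is hypothetical, and it assumes every entry should be an $apr1$ hash as generated above and that the file should not be world-readable.

```shell
#!/bin/sh
# Added example (not from the original article): lint an nginx
# auth_basic_user_file that is expected to hold only $apr1$ entries.
# Prints one finding per problem; returns 1 if anything was found.
check_htpasswd() {
    file=$1
    rc=0
    # Assumption: password hashes should not be readable by every local user.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "file is world-readable"
        rc=1
    fi
    awk -F: '
        /^[ \t]*$/ { next }    # ignore blank lines
        $1 == "" || NF < 2 { print "line " NR ": malformed entry"; bad = 1; next }
        seen[$1]++ { print "line " NR ": duplicate user " $1; bad = 1 }
        {
            # "$apr1$<salt>$<digest>" splits into "", "apr1", salt, digest
            n = split($2, p, "[$]")
            ok = (n == 4 && p[1] == "" && p[2] == "apr1" &&
                  length(p[3]) >= 1 && length(p[3]) <= 8 &&
                  length(p[4]) == 22 &&
                  (p[3] p[4]) ~ "^[./0-9A-Za-z]+$")
            if (!ok) { print "line " NR ": user " $1 " has no valid apr1 hash"; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}
```

Call it as `check_htpasswd /etc/nginx/basic-auth/.htpasswd` (with sudo if the file is root-only) after each change to the file.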
Configure Password Authentication for Nginx
Update the Nginx config file. This example uses Nginx's default file; on your own server, edit the config file that corresponds to the site you want to protect.

    sudo nano /etc/nginx/sites-enabled/default
Initially the file /etc/nginx/sites-enabled/default has the following form:

    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name localhost;

        location / {
            try_files $uri $uri/ =404;
        }
    }
We add auth_basic and auth_basic_user_file, pointing to the username and password file we just created above.

    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name localhost;

        location / {
            try_files $uri $uri/ =404;
            auth_basic "Restricted Content";
            auth_basic_user_file /etc/nginx/basic-auth/.htpasswd;
        }
    }
Save the config file and restart the server.

    sudo systemctl restart nginx
After restarting the server and opening the website, we will see a pop-up window asking for a username and password (like the image at the beginning of the article). If we enter the correct credentials, we are allowed into the website. If we enter them incorrectly or choose Cancel, the server responds with the 401 Authorization Required error page. Because this server block listens only on port 80, the credentials travel unencrypted (only base64-encoded) in the Authorization header of every request, so serve the site over HTTPS to protect them in transit.