How to setup HTTP Authentication with Nginx on Ubuntu

Nginx is an HTTP and reverse proxy server which is lightweight as compare to apache. When we need http authentication for secure our site admin login then there is a need to setup HTTP Authentication with our server. So below steps define how to setup HTTP Authentication with Nginx on Ubuntu Server.

Setup HTTP Authentication with Nginx

Install Apache Utils

First we need to install apache utils which require for generate encrypted password for the user using basic authentication. Install apache2-utils using following command –

linuxtweaks ~]#apt-get install apache2-utils

Create user and password

Create a .htpasswd file under your web root directory being served by nginx virtual host. The following command would use to create htpasswd file –

linuxtweaks ~]#htpasswd -c /var/www/vhosts/linuxtweaks.in/.htpasswd linuxuser
New password:
Re-type new password:
Adding password for user linuxuser

You can check the file htpasswd which will look like this –

linuxtweaks ~]#cat /var/www/vhosts/linuxtweaks.in/.htpasswd
linuxuser:encryptedpassword

Nginx Configuration

Next we need to configure nginx for using http authentication for our admin login page.Here we can secure whole site or some of pages of our site.

So update nginx virtualhost under /etc/nginx/sites-enabled/linuxtweaks.conf and add below line of code.if secure whole site which is in development or just to secure. Add two line of code in your nginx vhost configuration so your vhost will look like this.

server {
  listen       portnumber;
  server_name  ip_address;
  location / {
      root   /var/www/vhosts/linuxtweaks.in;
      index  index.html index.htm;
      auth_basic "Restricted";                                #For Basic Auth
      auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;  #For Basic Auth
  }
}

The above code is normal when we don’t have php file. When we have php file and using fastcgi as backend proxy than we have to configure vhost in different way for secure any page.

server {
    listen   80;
    server_name linuxtweaks.in;
    root /var/www/vhosts/linuxtwaeks.in;
    index index.php index.html index.htm;

######### Whatever code configured in your nginx vhost######
###### line of code #######

 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

location ~* /wp-login.php {
            auth_basic "Restricted Area";
            auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;

            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

}

Above line of code secure wordpress admin login page with precreated user in .htpasswd.

NOTE :- We have to use php scripts code when define locatoin for any php file to secure otherwise after login successfully your file will goes download as bin file and not executed as php script.

If you configure your site as –

location ~* (wp-login)\.php$ {
            auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;
            auth_basic_user_file  /var/www/bitmall/.htpasswd;
    }

Above code will call the http authentification, but not executed php as scripts so the browser downloads the wp-login.php, when the credentials have been entered, instead of going to the main login screen.

Reload Nginx

Reload/restart nginx server to take effect of your configuration.

linuxtweaks ~]#service nginx reload

Now you can check if your whole site / selected page is secure through http authentication.

To know more about HTTP Authentication please click here

Congrats you all done !!!

Balvinder Singh

Hello, I am Balvinder Singh - DevOps Engineer with 2.5+ year of working experience with different server environments. Tag Line:-Linux | AWS| WHM |Monitoring | Virtualization | Optimization | Performance | Security | Release & Deployment. I love helping companies / clients to deploy their code / applicateions to well managed, optimized, secure server and can go extra mile to satisfy.

You may also like...

Leave a Reply

Your email address will not be published.