this is a very basic question, but I haven't been able to find any documentation on how to set it up. I have a basic nginx personal web server setup, which is pretty much as it is out of the box. I would like to host a page that utilizes a database that I would like to keep hidden. What is the best way to setup a private directory to store sensitive information, either a private subdirectory for that page, or a more site wide directory outside of public hosting.
Asked
Active
Viewed 833 times
1 Answers
0
You can make a subdirectory require a username and password by usng HTTP Basic Authentication with a location directive in your nginx.conf. Without the username or password, you wouldn't be able to access the directory.
It would be a good idea to have TLS working on your site beforehand, as if your site is unencrypted it is possible that someone can see your username/password.
You will be needing the htpasswd program installed. On some distributions the package containing it is called apache2-utils, on others it is httpd-tools. Replace username with the username you want. It will prompt you for a password.
htpasswd -c /etc/nginx/htpasswd username
- Multiple users can be created by repeating the command with alternate usernames.
Then, in your nginx.conf file inside your server block, add the location directive below, replacing /privatedir with the directory you wish to protect, and Private Directory with the message you want to show on the login prompt:
location /privatedir {
auth_basic "Private Directory";
auth_basic_user_file /etc/nginx/htpasswd;
}
Restart nginx and your directory /privatedir as shown in the example above will require a username and password to access. If none is given, or it is not a valid username and password, it will give a HTTP 401 Unauthorized message.
For more information on HTTP Basic Authentication, be sure to check nginx's documentation