1

I need to secure a particular folder in a Ubuntu Server 12.04 running Nginx.

I followed this tutorial: http://nginxlibrary.com/password-protect-a-directory/ and many others like it.

I created a file called .htpasswd using apache utils and put it in /etc/nginx/passwords

Then went to server block in the configuration file and put

location /var/www/mywebsitedir.com/folderthatneedsprotection {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/passwords/.htpasswd;
}

I also tried many variations of the location directives such as using wild cards ^~ etc and it still does not work. I really need to password protect a directory, but it does not seem to work! Any help is greatly appreciated.

MindOverMatter
  • 11
  • 1
  • I Figured out a partial solution. Very important to check where the server root is and wait 10 mins for server to propagate after restarting Nginx. But now my other problem is that if you click cancel you still get to see the page, but it is a bare html page. But if you click on its links and hit cancel again you will pass the page and go to the next bare html page. How do i solve this? – MindOverMatter Nov 09 '14 at 09:32
  • More specifically, I do not see a 401 Authorization required on files and directories inside the directory if i hit cancel. Only on the directory itself. – MindOverMatter Nov 09 '14 at 09:59
  • 1
    `location` is URI, not FS path. – Alexey Ten Nov 10 '14 at 07:39
  • related: http://stackoverflow.com/questions/12467900/nginx-password-protect-not-working – Kzqai Apr 29 '15 at 20:16

1 Answers1

0

Note that you're trying to use a combination of a path and a url in the location directive. Instead, it should simply contain the relative url after the domain.

In your case this is most likely to be:

location /folderthatneedsprotection {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/passwords/.htpasswd;
}
Kzqai
  • 22,588
  • 25
  • 105
  • 137