Setting Up Password Authentication with Nginx on Ubuntu


When setting up a web server, there are often sections of the website to which you need to restrict access. Web applications usually offer their own authentication and authorization procedures. However, the web server itself can be used to restrict access if these are inadequate or unavailable. This article guides you through setting up password authentication with Nginx on an Ubuntu Cloud Server.


1) Creating the Password File with Nginx on Ubuntu Cloud Server:


To begin, you need to create the file that will hold the username and password combinations. You can do this with the OpenSSL utilities that are already available on the server. Alternatively, you can use the purpose-made htpasswd utility, which is included in the apache2-utils package.


Creating the password file by making use of the OpenSSL utilities:


If you have OpenSSL installed on the server, you can create a password file without any additional packages. You can create a hidden file named .htpasswd within the /etc/nginx configuration directory to store the username and password.


You can add a username to the file using the command below. This example uses abcd as the username, but you can use any username of your choice.


sudo sh -c "echo -n 'abcd:' >> /etc/nginx/.htpasswd"


Next, add an encrypted password entry for the username by typing the command below:


sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"


You can repeat the same process for additional usernames. To see how the usernames and encrypted passwords are stored in the file, type the command below:


cat /etc/nginx/.htpasswd

Output

abcd:$apr1$wI1/T0nB$jEKuTJHkTOOWkopnXqC1d1


Creating the password file by making use of the Apache utilities:


While OpenSSL can encrypt passwords for Nginx authentication, many users find it easier to use a purpose-built utility. The htpasswd utility, found in the apache2-utils package, serves this function well.


Install the apache2-utils package on the server by typing the commands below:


sudo apt-get update

sudo apt-get install apache2-utils


You now have access to the htpasswd command. You can use it to create a password file that Nginx can use to authenticate users. For this purpose, create a hidden file named .htpasswd within the /etc/nginx configuration directory.


The first time you use this utility, you need to add the -c option to create the required file. Specify a username (e.g. abcd) at the end of the command to create a new entry in the file:


sudo htpasswd -c /etc/nginx/.htpasswd abcd


You will be asked to supply and confirm a password for the user.


Leave out the -c argument for any additional users you need to add, because -c recreates the file and discards the entries already in it:


sudo htpasswd /etc/nginx/.htpasswd another_user


If you view the contents of the file, you can see the username and the encrypted password for each record:


cat /etc/nginx/.htpasswd


Output

abcd:$apr1$lzxsIfXG$tmCvCfb49vpPFwKGVsuYz.

another_user:$apr1$p1E9MeAf$kiAhneUwr.MhAE2kKGYHK.
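
The following is an added example, not part of the original article: a shell function that audits a password file built with either method above. It catches the malformed lines that the two-step OpenSSL append leaves behind when the second command is interrupted, duplicate usernames, and a world-readable file. The name audit_htpasswd and the sample file are constructed for illustration, and the format check assumes the $apr1$ entries this article produces.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article).
# audit_htpasswd FILE: prints one finding per line; returns 0 if clean,
# 1 if anything was flagged, 2 if the file cannot be read.
audit_htpasswd() {
    file=$1 bad=0 seen=" " n=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    # A world-readable file lets any local account copy the hashes.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "file is world-readable"; bad=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            *:*) user=${line%%:*} hash=${line#*:} ;;
            *)   echo "line $n: no user:hash separator"; bad=1; continue ;;
        esac
        [ -n "$user" ] || { echo "line $n: empty username"; bad=1; continue; }
        case $seen in
            *" $user "*) echo "line $n: duplicate user $user"; bad=1 ;;
        esac
        seen="$seen$user "
        # An interrupted "openssl passwd" step leaves "user:" with no hash;
        # the next append then produces "user:other:$apr1$...".
        if [ -z "$hash" ]; then
            echo "line $n: user $user has no hash"; bad=1
        elif ! printf '%s\n' "$hash" |
             grep -Eq '^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'; then
            echo "line $n: user $user is not a well-formed \$apr1\$ entry"; bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample: one good entry and one line fused by an interrupted
# append (hash strings reused from the article's sample output).
demo=$(mktemp) && chmod 640 "$demo"
printf '%s\n' 'abcd:$apr1$lzxsIfXG$tmCvCfb49vpPFwKGVsuYz.' \
    'eve:another_user:$apr1$p1E9MeAf$kiAhneUwr.MhAE2kKGYHK.' > "$demo"
audit_htpasswd "$demo" || true
rm -f "$demo"
```

If the mode check fires, keep in mind that the file must stay readable by the Nginx worker user; assuming workers run as www-data (the Ubuntu package default), ownership root:www-data with mode 640 satisfies both needs.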


2) Configuring Nginx Password Authentication on Ubuntu Cloud Server:


You now have a file with your users and passwords in a format that Nginx can read. Next, you need to configure Nginx to check this file before it serves the protected content.


Begin by opening the server block configuration file to which you want to add a restriction. For example, you can use the default server block file installed by the Ubuntu Nginx package:


sudo nano /etc/nginx/sites-enabled/default


Inside, with the comments stripped, the file should look similar to this:


/etc/nginx/sites-enabled/default


server {

   listen 80 default_server;

   listen [::]:80 default_server ipv6only=on;


   root /usr/share/nginx/html;

   index index.html index.htm;


   server_name localhost;


   location / {

       try_files $uri $uri/ =404;

   }

}


To set up authentication, you need to decide on the context to restrict. Among other choices, Nginx allows you to set restrictions at the server level or within a particular location. In this example, we will restrict the entire document root with a location block, but you can modify this listing to target only a particular directory within the web space.


Within this location block, use the auth_basic directive to turn on authentication and to choose the realm name displayed to the user when prompting for credentials. Use the auth_basic_user_file directive to point Nginx to the password file you created:


/etc/nginx/sites-enabled/default


server {

   listen 80 default_server;

   listen [::]:80 default_server ipv6only=on;


   root /usr/share/nginx/html;

   index index.html index.htm;


   server_name localhost;


   location / {

       try_files $uri $uri/ =404;

       auth_basic "Restricted Content";

       auth_basic_user_file /etc/nginx/.htpasswd;

   }

}


Save and close the file when you are finished. Then restart Nginx to implement the password policy:


sudo service nginx restart


The directory you specified should now be password protected.


3) Confirming the Password Authentication with Nginx on Ubuntu Cloud Server:


To confirm that your content is protected, try to access the restricted content in a web browser. You should be presented with a username and password prompt.



If you enter the correct credentials, you will be allowed to access the content. If you enter the wrong credentials or click Cancel, you will see the "Authorization Required" error page.
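
The same confirmation can be scripted from the command line. This added example, which is not part of the original article, uses curl to check that the protected location answers 401 without credentials and with a wrong password, and 200 with the right one. The function names and the sample invocation in the comment are illustrative.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the article).

# http_status URL [curl options...]: print only the HTTP status code.
# curl prints 000 when the connection itself fails.
http_status() {
    target=$1; shift
    curl -s -o /dev/null -w '%{http_code}' "$@" "$target" || true
}

# check_basic_auth URL USER PASSWORD
# Returns 0 only if the location rejects anonymous and wrong-password
# requests with 401 and serves the page (200) for the real credentials.
check_basic_auth() {
    url=$1 user=$2 pass=$3 rc=0
    case $url in
        http://*) echo "WARN: plain HTTP; Basic credentials are only base64-encoded in transit" ;;
    esac
    anon=$(http_status "$url")
    wrong=$(http_status "$url" -u "$user:not-the-password")
    good=$(http_status "$url" -u "$user:$pass")
    [ "$anon" = 401 ]  || { echo "FAIL: no credentials returned $anon, expected 401"; rc=1; }
    [ "$wrong" = 401 ] || { echo "FAIL: wrong password returned $wrong, expected 401"; rc=1; }
    [ "$good" = 200 ]  || { echo "FAIL: valid credentials returned $good, expected 200"; rc=1; }
    return "$rc"
}

# Sample invocation against the server block above (password is a placeholder):
#   check_basic_auth http://localhost/ abcd 'your-password-here'
```

The warning is relevant to the configuration shown here, which listens only on port 80. Each failed probe is also a real failed login, so expect matching entries in the Nginx logs.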