How to Set Up HTTP Authentication with Nginx on Ubuntu
Nginx is an HTTP and reverse proxy server that is lightweight compared to Apache. When the admin login of a site needs to be protected with HTTP authentication, it has to be configured on the server. The steps below show how to set up HTTP authentication with Nginx on an Ubuntu server.
Set Up HTTP Authentication with Nginx
Install Apache Utils
First, install the Apache utilities, which provide the htpasswd tool used to generate the hashed password for the Basic authentication user. Install apache2-utils using the following command:
linuxtweaks ~]#apt-get install apache2-utils
Create user and password
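Create a .htpasswd file under the web root directory served by the nginx virtual host. The following command creates the file and adds a user. The -c option creates the file and overwrites an existing one, so leave it out when adding further users. Because this path is inside the web root, make sure nginx does not serve the file itself to clients; otherwise the password hashes can be downloaded.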
linuxtweaks ~]#htpasswd -c /var/www/vhosts/linuxtweaks.in/.htpasswd linuxuser
New password:
Re-type new password:
Adding password for user linuxuser
You can check the .htpasswd file, which will look like this:
linuxtweaks ~]#cat /var/www/vhosts/linuxtweaks.in/.htpasswd
linuxuser:encryptedpassword
Nginx Configuration
Next, configure nginx to use HTTP authentication for the admin login page. You can protect the whole site or only some of its pages.
Update the nginx virtual host in /etc/nginx/sites-enabled/linuxtweaks.conf. To protect the whole site, for example one that is still in development, add the two auth_basic lines to the vhost configuration so that it looks like this:
server {
    listen portnumber;
    server_name ip_address;

    location / {
        root /var/www/vhosts/linuxtweaks.in;
        index index.html index.htm;
        auth_basic "Restricted";    #For Basic Auth
        auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;    #For Basic Auth
    }
}
The configuration above is enough when the site has no PHP files. When the site has PHP files and uses FastCGI as the backend, the vhost has to be configured differently to protect a page.
server {
    listen 80;
    server_name linuxtweaks.in;
    root /var/www/vhosts/linuxtweaks.in;
    index index.php index.html index.htm;

    ######### Whatever code configured in your nginx vhost ######
    ###### line of code #######

    # Protect the WordPress login page. nginx uses the first regex location
    # that matches, so this block must come before the generic \.php$ block;
    # otherwise wp-login.php is handled there and no password is requested.
    location ~* /wp-login\.php$ {
        auth_basic "Restricted Area";
        auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # pass the PHP scripts to the PHP-FPM FastCGI socket
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
The configuration above protects the WordPress admin login page with the user created earlier in .htpasswd.
NOTE: A location block that protects a PHP file must also contain the PHP (FastCGI) directives. Otherwise, after a successful login, the file is downloaded as a binary file instead of being executed as a PHP script.
If you configure your site as:
location ~* (wp-login)\.php$ {
    auth_basic "Restricted Area";
    auth_basic_user_file /var/www/vhosts/linuxtweaks.in/.htpasswd;
}
The code above triggers HTTP authentication but does not execute the PHP script, so once the credentials have been entered the browser downloads wp-login.php instead of showing the main login screen.
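The behaviour described above follows from how nginx picks a location: the first regex location that matches wins, and only that block's directives apply. The Python sketch below is an added example, not part of the original article; it is a simplified model of nginx location selection (the function names and dictionary keys are assumptions made for the illustration), run against constructed location lists shaped like the ones on this page.

```python
import re

# Simplified model of nginx location selection, covering only the modifiers
# used on this page: "=" (exact), "~" (regex), "~*" (case-insensitive regex)
# and plain prefixes. "^~" and nested locations are not modelled.
def select_location(locations, uri):
    """Return the location dict nginx would pick for uri, or None."""
    best_prefix = None
    for loc in locations:
        if loc["mod"] == "=" and uri == loc["pattern"]:
            return loc  # an exact match ends the search immediately
        if loc["mod"] == "" and uri.startswith(loc["pattern"]):
            if best_prefix is None or len(loc["pattern"]) > len(best_prefix["pattern"]):
                best_prefix = loc
    for loc in locations:  # regexes are tried in config order, first hit wins
        if loc["mod"] in ("~", "~*"):
            flags = re.IGNORECASE if loc["mod"] == "~*" else 0
            if re.search(loc["pattern"], uri, flags):
                return loc
    return best_prefix

def outcome(locations, uri):
    """Describe what the client gets, using only the selected block's directives."""
    loc = select_location(locations, uri)
    if loc is None:
        return "server-default"
    auth = "auth" if loc.get("auth_basic") else "no-auth"
    body = "executed" if loc.get("fastcgi_pass") else "served-as-file"
    return f"{auth}/{body}"

# Constructed location blocks mirroring the shapes discussed on this page.
PHP = {"mod": "~", "pattern": r"\.php$", "fastcgi_pass": True}
LOGIN_FULL = {"mod": "~*", "pattern": r"/wp-login\.php$",
              "auth_basic": True, "fastcgi_pass": True}
LOGIN_AUTH_ONLY = {"mod": "~*", "pattern": r"(wp-login)\.php$", "auth_basic": True}
LOGIN_EXACT = {"mod": "=", "pattern": "/wp-login.php",
               "auth_basic": True, "fastcgi_pass": True}

if __name__ == "__main__":
    cases = [("auth block without FastCGI directives", [LOGIN_AUTH_ONLY, PHP]),
             ("generic PHP block listed first", [PHP, LOGIN_FULL]),
             ("protected block listed first", [LOGIN_FULL, PHP]),
             ("exact-match protected block, any order", [PHP, LOGIN_EXACT])]
    for name, locs in cases:
        print(f"{name}: {outcome(locs, '/wp-login.php')}")
```

A "no-auth" result for /wp-login.php means the password prompt is never shown, so the order of regex locations is worth checking whenever a protected PHP page sits next to a generic PHP handler.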
Reload Nginx
Reload or restart the nginx server for the configuration to take effect.
linuxtweaks ~]#service nginx reload
Now you can check that your whole site or the selected page is protected by HTTP authentication.
Congrats, you are all done!