What is Nginx Basic Authentication?
Nginx Basic Authentication is a simple access control mechanism that prompts users for a username and password before allowing access to specific web content. It uses the standard HTTP Authorization header and works with virtually all modern web browsers and HTTP clients.
When Basic Authentication is configured, users attempting to visit a protected area of your website will be required to log in using credentials stored in a secure file on the server.
Purpose and Use Cases
Basic Authentication is ideal for:
- Protecting admin areas or staging sites from unauthorized users
- Restricting access to internal dashboards, APIs, or static content
- Providing temporary access control during development or deployment
- Creating a lightweight login layer without implementing full authentication systems
How It Works
- A username and a hashed password are stored in a file (commonly known as .htpasswd).
- Nginx references this file to verify credentials.
- If a user attempts to access a protected path, they will receive a login prompt.
- If valid credentials are entered, access is granted; otherwise, the user sees a “401 Unauthorized” error.
Benefits
- Simplicity: Easy to set up with minimal configuration
- Compatibility: Works with most HTTP clients and browsers
- No code changes required: Managed entirely at the web server level
- Effective for small-scale access control
Security Considerations
- HTTPS is essential: Basic Authentication transmits credentials in base64-encoded format, not encrypted. TLS/SSL ensures credentials aren’t exposed in transit.
- Password management: Use strong, unique passwords and consider rotating them periodically.
- Restricted access: The password file should be kept outside of publicly accessible directories.
- IP filtering: For additional security, you can combine Basic Auth with IP whitelisting.
- Brute-force protection: Use tools like Fail2Ban or rate limiting features to prevent repeated login attempts.
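Repeated login attempts show up in the access log as 401 responses from one client. As an added example (not from the original tutorial), this counts 401s per client IP under the protected path, assuming nginx's default combined access log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list clients with repeated 401 responses on the protected path.
# Assumes nginx's default "combined" access log format, where whitespace-split
# fields are: $1 client IP, $3 auth user, $7 request path, $9 status code.

# Constructed sample lines (documentation-range IPs, not real traffic).
sample_log() {
cat <<'EOF'
198.51.100.20 - - [10/May/2025:09:58:11 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "Mozilla/5.0"
198.51.100.20 - username [10/May/2025:09:58:19 +0000] "GET /sensitive-doc/ HTTP/1.1" 200 231 "-" "Mozilla/5.0"
203.0.113.7 - admin [10/May/2025:10:00:01 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "curl/8.5.0"
203.0.113.7 - admin [10/May/2025:10:00:01 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "curl/8.5.0"
203.0.113.7 - root [10/May/2025:10:00:02 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "curl/8.5.0"
203.0.113.7 - root [10/May/2025:10:00:02 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "curl/8.5.0"
203.0.113.7 - test [10/May/2025:10:00:03 +0000] "GET /sensitive-doc/ HTTP/1.1" 401 188 "-" "curl/8.5.0"
192.0.2.44 - - [10/May/2025:10:01:40 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0"
EOF
}

# failed_auth_ips PREFIX LIMIT < access.log
# Prints "ip count" for each client with at least LIMIT 401s under PREFIX.
# One 401 per visit is normal: browsers send no credentials until challenged.
failed_auth_ips() {
    awk -v prefix="$1" -v limit="$2" '
        $9 == 401 && index($7, prefix) == 1 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }
    ' | sort
}

sample_log | failed_auth_ips /sensitive-doc 5
```

Clients listed by this check are candidates for a Fail2Ban jail or for nginx's limit_req rate limiting on the protected location.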
Limitations
- No session handling: Once the browser sends credentials, it will continue to do so until it’s closed or cleared.
- No password recovery: There is no built-in system to reset or recover passwords.
- Not ideal for public or high-security applications: Best used for internal or low-risk areas.
- User experience: The login prompt is browser-based and not customizable.
Nginx Basic Authentication on Ubuntu 24.04 is a simple and effective solution for securing access to certain parts of your website or server. While it lacks advanced features like session tracking or user management, it’s perfect for quick protection of sensitive areas such as admin panels, development sites, or private dashboards.
For maximum security, it should always be used in conjunction with HTTPS and other hardening techniques, especially in production environments.
Step 1: Deploy a VPS on Shape.Host
Visit https://shape.host and log into your account.
Click Create, then choose Instance.

Select a server location closest to your users.

Pick Ubuntu 24.04 (64-bit) as the operating system.
Choose a plan with 2+ CPUs, 4 GB RAM, and 20 GB SSD.

Click Create Instance.

Once ready, find your IP address in the Resources section to connect.

Step 2: Connect to Your Server
On Linux/macOS:
ssh root@your_server_ip
On Windows, use PuTTY and connect with your server’s IP address as root.
Step 3: Update and Install Nginx
apt update
apt install nginx
Installs Nginx, the web server used in this setup.


Step 4: Check Nginx Status
systemctl status nginx
Confirms that Nginx is running properly.

Step 5: Configure the Firewall
ufw allow 'Nginx Full'
ufw allow ssh
ufw enable
Opens firewall ports for HTTP/HTTPS and SSH access.

Step 6: Install the Apache Utils Package
apt install apache2-utils
Provides the htpasswd command, which lets you create user/password files.

Step 7: Edit Nginx Configuration
nano /etc/nginx/sites-available/default
Find the server {} block and add this section inside:
location /sensitive-doc {
    auth_basic "Basic Auth";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
This sets up password protection for the /sensitive-doc path.

Step 8: Create Username and Password
htpasswd -Bc /etc/nginx/.htpasswd username
You’ll be prompted to enter a password. Replace username with your preferred user.

Step 9: Create the Protected Directory
mkdir /var/www/html/sensitive-doc
This is the folder that will be password-protected.
Step 10: Reload Nginx to Apply Changes
systemctl reload nginx
Reloads Nginx without shutting it down.

Step 11: Add a Test HTML File
nano /var/www/html/sensitive-doc/index.html
Paste the following content:
<!DOCTYPE html>
<html>
<head>
<title>My basic authentication HTML page</title>
</head>
<body>
<p style="width: 100%; font-weight: bold; font-size: 60px; text-align: center;">
Basic authentication is enabled!
</p>
</body>
</html>
Save and exit the editor.

Step 12: Test It in Your Browser
Visit:
http://your_server_ip/sensitive-doc/
You should see a login prompt. Use the username and password you created to access the page.
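To check the password file from Step 8 against the advice under Security Considerations, the following added example (not part of the original tutorial) classifies each htpasswd entry by its hash prefix and tests whether the file is readable by every local user. The function names and the sample file are assumptions made for illustration, and the hash bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit an htpasswd file for non-bcrypt entries and loose permissions.

# hash_scheme HASH: name the scheme of one htpasswd hash field from its prefix.
hash_scheme() {
    case "$1" in
        '$2y$'*|'$2b$'*|'$2a$'*) echo bcrypt ;;            # htpasswd -B
        '$apr1$'*)               echo apr1-md5 ;;          # htpasswd -m
        '{SHA}'*)                echo sha1-unsalted ;;     # htpasswd -s
        '$5$'*|'$6$'*)           echo sha-crypt ;;
        *)                       echo legacy-or-unknown ;; # DES crypt, plaintext, empty
    esac
}

# weak_entries FILE: print "user scheme" for every entry that is not bcrypt.
# The "|| [ -n "$user" ]" keeps a final line that lacks a trailing newline.
weak_entries() {
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$hash")
        [ "$scheme" = bcrypt ] || echo "$user $scheme"
    done < "$1"
}

# others_can_read FILE: succeed if the "other" read bit is set on FILE.
others_can_read() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample file; the hash bodies are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLD
bob:$apr1$PLACEHLD$PLACEHOLDERPLACEHOLDER
carol:{SHA}PLACEHOLDERPLACEHOLDERPLA=
dave:hunter2
EOF
chmod 644 "$sample"

weak_entries "$sample"
if others_can_read "$sample"; then
    echo "$sample is readable by all local users; tighten to mode 640"
fi
```

On this setup the file to audit is /etc/nginx/.htpasswd. Nginx worker processes on Ubuntu run as www-data and must be able to read it, so ownership root:www-data with mode 640 is a common choice.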


You’ve now protected a directory with Nginx basic authentication on Ubuntu 24.04, using just a few simple commands.
This setup works perfectly on Shape.Host Linux SSD VPS servers:
- Fast and reliable performance
- Root access and quick provisioning
- Ideal for Nginx-based projects
Launch your instance now at https://shape.host