How to Password Protect Nginx with Basic Authentication

Nice tutorial, thanks. Looking forward seeing other authentication types from You!

YevhenZhuchenko

quick comment: can you just run 'service reload nginx' for the same effect? in case you have multiple sites and don't want a second of downtime...
Just don't forget to run 'nginx -t' first, to test your configuration files, if there are no problems

laci

How would this look in a case where you want a subdomain to be password protected instead of a location?

leon-set

Very nice and useful tutorial, as usual ! Thans a lot !

MrStefanica

nice video. but when you said apache my heart dropped

TabbitMarsella

if I have multiple pages on my website? Will I need to add auth for all pages in nginx config, or just one auth works for all the pages?

rajatdave

Hello Tony,

Thank you so much for your tutorial! I get one issue though and this would be:

I am trying to set the server side protection for my Wordpress websites login page and I have a hard time to find the right directory. I did set up Wordpress with your tutorial on AWS EC2. There is also a comment on your video having the same issue as me.

MohammadEglil

Hey Brother,
I have exactly similar conf file,
Just requirement is that when auth fails, it will have a json response, which i need to transfer back to client...
Any idea?

RajveerSingh-vfpr

Thank you, this is very cool and useful. I am adding fail2ban alongside my nginx basic auth config, perhaps you could do an update to this video or a tutorial on fail2ban.

muirhead

Nice tutorial! Thanks for the tips. Just one question, if it wasn't "basic" what other security measures you could implement server side with that same structure? (not considering application side measures)

viniguerrero

Hi Tony, I have followed all your instructions, created the files in the right location, saved everything, restarted the server and nothing happened haha, no dialog box to enter a password and nothing is password protected. Any advice on how to troubleshoot the issue.

leea

What if I wanted to protect a port number + directory? e.g. instead of "location /admin..." something like " :9090/prometheus...." ?

thecryptobreakdown

How to achieve this on openlitespeed server? Also one more question offtopic but I would like your My question is which is better if I just simply hide the wp-admin page using plugin or use something like Fails2Ban service and put those attackers in JAIL who are trying to bruteforce the wp-admin page.

dev_manish

hi, is there any way to change the login area? or make a custom login page?

blackdeckerzr

As I know HTTP Basic Authentication system is literally insecure, cuz its cryptography algo is based on Base64 that as u know it's so easy to crack its hash, so I do NOT think anyone still uses this auth sys, it could be hacked so easily

aperson

great tutorial. only downside was you use mac and not linux on your laptop :(

fms

it doesn't work as you explain before you need to prepare "admin area" ... bad tutorial incomplete, hide info, = dislike!

salaopen-official

How do I made this for wp-login.php. I ´tried with
location /wp-login.php {

try_files $uri $uri/ =404;
auth_basic "admin area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Doesn´t work

mariodamianglezposadafrutos

Hello,

I was looking at your video channel. We may be helping a company that uses secure images to increase supply chain security and help cloud native development. Would you be willing to help try their software, make a video, and help show devs how to use their tools?

This is not an offer, but just to start a conversation about your willingness to take on sponsorship. Please provide me with your email if you are interested.

You'd have a chance to look at their technology and decide if it's the type of software that you'd be interested in covering in your channel.

IleniaQuintero