HTTP Authentication featured image

Configuring Basic HTTP Authentication with Nginx on Ubuntu 20.04

Nginx is a free, open-source web server used for load balancing, buffering, and caching. Since its inception in 2004, Nginx has gained popularity for scaling web servers and reverse proxying. Due to its high performance and excellent capabilities to handle a large volume of connections, it is used to manage and control incoming traffic.

How Does HTTP Authentication Work?

In basic HTTP authentication, all the routes on the server are blocked and require the appropriate credentials to authenticate. Whenever a user tries to access a secured resource, the server sends the user a WWW-Authenticate header and a 401 Unauthorized response. If the username and password used by the user are correct and match with the key file, the connection is established, else it is denied.

In this tutorial, we’ll walk you through the steps of setting up basic HTTP authentication with Nginx on Ubuntu 20.04.

Prerequisites

To follow along with this tutorial, you’ll need the following:

Step 1: Update Software Repositories

Before installing any new software or an API package on your system, refresh the repositories to avoid errors or any package conflicts. Initially, we’ll update the software using the sudo command:

Now that we have updated software repositories, let’s install the necessary apache2 packages.

Step 2: Install Necessary Packages

As we are setting up HTTP Authentication for a directory, we’ll be using the htpasswd command to create an encrypted password. Install the apache2-utils package using the following command:

Step 3: Create User and Password

In this step, we’ll set up the basic HTTP Authentication credentials. Under the root directory, create a .htpasswd file associated with the user. The password will be encrypted, and the file name can be anything of your choice. Use the following command to create the file and add the user with an encrypted password:

Next, verify the newly-created file using the following command:

Step 4: Update the Nginx Configuration

Once we have our HTTP basic authentication credentials, let’s set up Nginx and use it on our target website. We require auth_basic and auth_basic_user_file directives to establish the HTTP basic authentication. The value of auth_basic directive is a string format, whereas the value of auth_basic_user_file is the path to the password file created in Step 3.

It is important to include the two directives in the configuration file of the target website. You’ll find the location of the targeted website in the /etc/nginx/sites-available directory. Open the configuration file using the nano editor:

Then, add both of these directives under the location section:

After adding the directive, save and close the configuration file.

Step 5: Restart Ngnix

Next, reload or restart the Nginx services to apply the changes on our virtual host. After that, we’ll try to access the secured domain using our basic HTTP authentication. Use the following command to activate the Nginx services:

Step 6: Secure Web Access

Once you’ve restarted Nginx, the next step is to try to access the IP address or domain name in your favorite browser. On clicking the IP address http://your_domain_name/ in your browser, a prompt will open asking you to enter the credentials to authenticate. Once you enter the right username and password, you’ll see a default Nginx home page.

Conclusion

In this tutorial, we learned how to configure basic HTTP authentication with Nginx. The basic username/password authentication is just one of the many authentication options to establish a secure connection in Nginx.

There are other powerful options used for server authentication. For example, some popular methods you can use include API integrations, JSON Web Tokens, SSH key-based authentications. Even though obtaining robust security mechanisms may seem tricky initially, they are highly effective to safeguard your privacy.

Furthermore, there are many other learning materials and tutorials on Nginx that you can access from our blogs:

Happy Computing!