Page Discussion History

Difference between revisions of "HttpAuthBasicModule"

m (References: Update link to the original documentation)
Line 49: Line 49:
= References =
= References =
[http://sysoev.ru/nginx/docs/http/ngx_http_auth_basic_module.html Original Documentation]
[http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html Original Documentation]
[http://kbeezie.com/view/protecting-folders-with-nginx/ Protecting Folders with Auth_Basic]
[http://kbeezie.com/view/protecting-folders-with-nginx/ Protecting Folders with Auth_Basic]

Revision as of 15:17, 21 April 2012



You can use this module to protect your site or parts of it with username and password based on HTTP Basic Authentication.

Example configuration

location  /  {
  auth_basic            "Restricted";
  auth_basic_user_file  htpasswd;



syntax: auth_basic realm | off

default: auth_basic off

context: http, server, location, limit_except

variables: no

phase: access

This directive includes testing name and password with HTTP Basic Authentication. The assigned parameter is used as authentication realm. A value of "off" makes it possible to override the action for the inheritable from a lower-level directive.


syntax: auth_basic_user_file file

default: none

context: http, server, location, limit_except

variables: no

phase: access

This directive sets the htpasswd filename for the authentication realm. Since version 0.6.7 the filename path is relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory.

The format of file is the following:


Passwords must be encoded by function crypt(3). If Apache is installed, you can create the password file using the htpasswd program included. Note: Apache uses MD5 for encryption.

Since version 1.0.3 nginx supports "$apr1", "{PLAIN}" and "{SSHA}" password encryption methods.

This file should be readable by workers, running from unprivileged user. E. g. when nginx run from www you can set permissions as

chown root:nobody htpasswd_file
chmod 640 htpasswd_file

See also: How do I generate an htpasswd file without having Apache tools installed?


Original Documentation

Protecting Folders with Auth_Basic