Basic authentication

Previously, we configured nginx to list directories and files in html. Now, let’s add authentication to restrict access to specific directories and files.Basic authentication

The simplest web authentication method is basic authentication. It requires an Authorization header in each request. However, browsers don’t support setting a header on requests without javascript, and with javascript, there’s no sane way to stream file downloads to the browser’s download manager.

So, once the initial basic auth login is validated, we'll use cookies, which browsers automatically include for each request on the same site.

Let’s start by creating a login endpoint with nginx basic auth to verify the user/password pair and set a cookie for users with valid credentials.... server { ... location @login_success { add_header Set-Cookie "ngxp=???; max-age=15552000; path=/; SameSite=Lax; Secure; HttpOnly"; return 200 "login success"; } location ^~ /___ngxp/login { auth_basic "Login"; auth_delay 1s; auth_basic_user_file /opt/ngxp/basic.htpasswd; try_files _ @login_success; } }

To create entries in basic.htpasswd, we use openssl[1]:printf '%s:%s\n' "$user" "$(openssl passwd -5 "$password")" >> basic.htpasswd

Leave a Comment