how to secure access to an nginx folder?

March 13, 2013 6.1k views
I'm trying to secure a directory on a CentOS 6.3 64 server running NGINX 1.2.7. I think I've set this up correctly, but it keeps giving me a 404 Not Found error when I try to access a file in that folder in the browser using domainName/secure/hello2.html. I created an .htpasswd file using printf "MYUSER:$(openssl passwd -1 MYPASSWORD)\n" >> .htpasswd and put that into the /var/www/protected/ folder. I also modified the NGINX config file and included a location/auth block for the /secure/ folder: Code: # protect the "secure" folder ( /var/www/html/secure ) location /secure/ { auth_basic "Restricted"; auth_basic_user_file /var/www/protected/.htpasswd; } If I comment out this block from the config file and restart NGINX, I can see the file in the browser with no problem. I even moved the .htpasswd file into the /secure/ folder and changed the config file to reflect that change (just to see what would happen), but I still get the 404 Not Found error. Can anyone tell me what I'm missing?
3 Answers
it all looks fine, the only thing I can think of is www-data doesn't have access to read your .htpasswd file. Check your file permissions.
dave -

The .htpasswd file in /protected and the html file I'm trying to view in /secure were both -rwxr--r-- just like other files that can be viewed by the browser. I even changed them to -rwxr-xr-x but I get the same error. Thanks anyway...
The problem was that the location section did not have a root specified. After inserting that at the server level and commenting other root lines at the sub levels in other location blocks, it worked.
Have another answer? Share your knowledge.