Question
how to secure access to an nginx folder?
I’m trying to secure a directory on a CentOS 6.3 64 server running NGINX 1.2.7. I think I’ve set this up correctly, but it keeps giving me a 404 Not Found error when I try to access a file in that folder in the browser using domainName/secure/hello2.html.
I created an .htpasswd file using printf “MYUSER:$(openssl passwd -1 MYPASSWORD)\n” >> .htpasswd and put that into the /var/www/protected/ folder.
I also modified the NGINX config file and included a location/auth block for the /secure/ folder:
# protect the "secure" folder ( /var/www/html/secure )
location /secure/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/protected/.htpasswd;
}
If I comment out this block from the config file and restart NGINX, I can see the file in the browser with no problem. I even moved the .htpasswd file into the /secure/ folder and changed the config file to reflect that change (just to see what would happen), but I still get the 404 Not Found error.
Can anyone tell me what I’m missing?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hello,
In case anyone stumbles upon the question, here is a summarize of the issue:
The basic authentication has been configured correctly. However, Nginx will be having trouble locating the file due to incorrect configuration or missing root directive in your server block. Addin the following lines in your server block should resolve the issue:
These lines tell Nginx where the root directory for your website is and set the default index files. Make sure the path specified in the
rootdirective matches the actual path of your website files.Now, update your location block as follows:
Here, the
^~modifier in the location block ensures that this location block takes precedence over any regular expression location blocks that might be present in the configuration.After making these changes, test the configuration and reload Nginx:
Now, try accessing the file again at
domainName/secure/hello2.html. You should be prompted for a username and password, and upon entering the correct credentials, the file should be displayed.The problem was that the location section did not have a root specified. After inserting that at the server level and commenting other root lines at the sub levels in other location blocks, it worked.
dave - <br> <br>The .htpasswd file in /protected and the html file I’m trying to view in /secure were both -rwxr–r-- just like other files that can be viewed by the browser. I even changed them to -rwxr-xr-x but I get the same error. Thanks anyway…