How to config nginx to password-protect directories?

I installed hestiaCP with Web Server = nginx and Backend Server = php-fpm.

I’m learning that, unlike apache, nginx does not support simply placing a .htaccess file into a directory in order to protect it.

This web page indicates where the equivalent information – that a certain directory requires a pssword and where the passwords file is located – needs to be placed in an nginx config file (after “Server {” and " listen 80;"…)

But I do not know how/where to apply/insert that information to a hestiaCP nginx config file (nor can I even find evidence that anyone has ever done it!).

digging through directories/files, the closest I’ve found is /home/myusername/conf/web/mydomain.com/nginx.conf but that tells me

Default Web Domain Template

DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS

https://hestiacp.com/docs/server-administration/web-templates.html

:confused: :question:

Works fine for the domain

A link to a solution (or else telling me that it simply cannot[!??!] be done under hestia/nginx), rather than a link to a long list of (mostly?) impertinent commands, could help my inquiry to become solved.

Your reply does not help me: I still do not know how/where to apply/insert information to a nginx config file (under hestiaCP) in order to password-protect SPECIFIC DIRECTORIES within a (sub)domain.

Visit the link and look for nginx templates. That is what you need

I think I have it working now: Here’s what I did – IMHO this is what people need, and what this forum needs if hestiaCP is ever to become seriously popular – in case anyone else ever faces the same issue::

  1. I went to /usr/local/hestia/data/templates/web/nginx/php-fpm

  2. copied default.tpl and default.stpl to pw-prot-my-dirs.tpl and .stpl

  3. edited them. there are a series of 4 lines that begin with “location” and end with “}”. Among them, insert the following one (to protect the “private” directory with a challenge that refers to “The Back Room” – or at least under apache it would have; here it just says that the site is asking me to sign in) for each directory you want to protect::

    location /private {
    auth_basic “The Back Room”;
    auth_basic_user_file /home/userid/web/mydomain.com/.htpasswd;
    }

  4. I logged into hestiaCP as admin, clicked on the gear (upper right), selected nginx and php81.-fpm, “Apply to selected”, restart

  5. in hestiaCP, go to userid’s web domain and Edit Web Domain, Advanced, Web Template NGINX → pw-prot-my-dirs, Save

  6. per Web Templates and FastCGI/Proxy Cache | Hestia Control Panel I did v-rebuild-user userid yes

  7. then I placed my .htpasswd file in /home/userid/web/mydomain.com/

  8. if necessary, chown userid:userid .htpasswd

After a few tries (shift+reload?), it began working more or less as expected.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.