HTTP Basic Authentication - shawfdong/hyades GitHub Wiki

As of version 1.6.0, nginx supports HTTP Basic Authentication, but not yet officially support HTTP Digest Authentication. Here we document how to set up HTTP Basic Authentication with nginx.[1]

Create a Password File

The password file is in the following format:

# comment
name1:password1
name2:password2:comment

For educational purpose, we'll add two users (name1 & name2), both with the same password 123456.

1. name1's password is hashed with the Apache variant of the MD5-based password algorithm (apr1). It can be generated with the htpasswd utility (available as part of the httpd-tools package on CentOS):

$ htpasswd -nb name1 123456
name1:$apr1$YW0lMOh2$zxlZbYfHFAH5xprkzZKzE1

2. name2's password is hashed with SSHA (salted SHA-1 hashing). It can be generated with the slappasswd utility (available as part of the openldap-clients package on CentOS):

$ slappasswd
New password:123456
Re-enter new password:123456 
{SSHA}nViGkJ4iymabBNLxWuuTJ1AIN5krP85p

Here is the final password file (/etc/nginx/htpasswd):

name1:$apr1$YW0lMOh2$zxlZbYfHFAH5xprkzZKzE1:htpasswd
name2:{SSHA}nViGkJ4iymabBNLxWuuTJ1AIN5krP85p:slappasswd

Configure nginx

Add the following lines to the configuration file of nginx (e.g., /etc/nginx/conf.d/maia.conf):

    auth_basic   "Basic Authentication Required";
    auth_basic_user_file   htpasswd;

References

  1. ^ Module ngx_http_auth_basic_module
⚠️ **GitHub.com Fallback** ⚠️