NGINX: Protect Static Files with Authentication

Sometimes you may want to protect static files on your website from unauthorized downloads. In such cases, it is advisable to require authentication for those files. Here is how to protect static files on your website with basic authentication using NGINX.


Here are the steps to protect static files on your website using authentication on NGINX.


1. Install Apache utils

We will use the htpasswd utility to set up basic authentication, so we need to install apache2-utils or httpd-tools. Open a terminal and run one of the following commands to do so.

$ sudo apt install apache2-utils #Ubuntu/Debian
$ sudo yum install httpd-tools #Redhat/Fedora/CentOS


2. Create username & password

Let us say you want to authorize user team_user to view your static files. Run the following command to create this user.

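$ sudo htpasswd -c /etc/nginx/conf.d/.htpasswd team_user

Enter a password for this user when prompted. The -c option creates the password file and overwrites an existing one, so leave it out when adding more users to the same file.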


3. Open NGINX configuration file

Open the NGINX configuration file in a text editor.

$ sudo vi /etc/nginx/nginx.conf

If you have configured separate virtual hosts for your website (e.g. www.example.com), such as /etc/nginx/sites-enabled/example.conf, then open its configuration file with the following command.

$ sudo vi /etc/nginx/sites-enabled/example.conf

Alternatively, you can also open the default virtual host configuration file.

$ sudo vi /etc/nginx/sites-enabled/default


4. Password Protect Static Files

Let us say you want to password protect a static file /download.pdf. Add the following location block to your server block.

server {
    ...
    location /download.pdf {
        auth_basic "Restricted Access!";
        auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
        ...
    }
    ...
}

The important part is to add the following lines in the location blocks of URLs that you want to protect.

auth_basic "Restricted Access!";     
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

The first line enables basic authentication and sets the realm text sent with the authentication prompt, and the second line specifies the location of the password file to be used for authentication.

You can use this method to protect all kinds of static files such as zip archives, videos, images and other documents. Just change the path in your location block, or create a separate one. Here is an example:

location /data.zip {
    auth_basic "Restricted Access!";
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
    ...
}


5. Restart NGINX Server

Run the following command to check the syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run one of the following commands to reload or restart the NGINX server.

$ sudo service nginx reload #debian/ubuntu
$ sudo systemctl restart nginx #redhat/centos

Open a browser and go to your protected static file's URL, http://your_server_ip_or_domain/download.pdf, and you will see an authentication prompt indicating that the file is available only to authorized users.

Please note, you may use these steps to protect downloadable assets on your website such as PDFs, Zips, TXTs and other documents. But it is not advisable to use them to protect CSS & JS files, since there are so many of them and they are required for your website to function. If you try to password protect CSS & JS files, your website visitors will see a login form for every CSS/JS file request sent from their browser.
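An added example, not from the original article: a POSIX shell check for the password file created in step 2. It flags a world-readable file and entries stored in the {PLAIN} or unsalted {SHA} formats; the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an htpasswd-format file like the one created in step 2.
# Prints "user<TAB>scheme<TAB>verdict" per entry; returns 1 on any finding.
# Classify one entry's hash field by its prefix.
hash_scheme() {
    case "$1" in
        '$apr1$'*)               echo apr1-md5 ;;       # htpasswd -m
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;         # htpasswd -B
        '$5$'*)                  echo sha256-crypt ;;
        '$6$'*)                  echo sha512-crypt ;;
        '{SSHA}'*)               echo salted-sha1 ;;
        '{SHA}'*)                echo unsalted-sha1 ;;  # htpasswd -s
        '{PLAIN}'*)              echo plaintext ;;
        *)                       echo unknown ;;        # e.g. DES crypt
    esac
}

audit_htpasswd() {
    file=$1; rc=0
    # If "other" may read the file, any local account can copy the hashes.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        printf 'FILE\tmode\tworld-readable\n'; rc=1
    fi
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks, comments
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            plaintext|unsalted-sha1) verdict=WEAK;   rc=1 ;;
            unknown)                 verdict=REVIEW; rc=1 ;;
            *)                       verdict=ok ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$scheme" "$verdict"
    done < "$file"
    return "$rc"
}

# Demo on constructed entries; the hash values are placeholders, not real.
demo_audit() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
team_user:$apr1$constructed$notARealHashValue000
legacy_user:{SHA}constructedNotARealDigest00=
EOF
    chmod 640 "$f"
    status=0; audit_htpasswd "$f" || status=$?
    rm -f "$f"; return "$status"
}

demo_audit || echo "findings reported (non-zero exit)"
```

To check the real file, call audit_htpasswd with the path from step 2 from an account that can read it. If the file is reported as world-readable, restrict it so that only root and the account NGINX runs as can read it.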
