Module ngx_http_auth_basic_module
The ngx_http_auth_basic_module module allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol.
Access can also be limited by address or by the result of a subrequest. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.
Example Configuration
    location / {
        auth_basic           "closed site";
        auth_basic_user_file conf/htpasswd;
    }
Directives
| Syntax: | auth_basic |
|---|---|
| Default: | auth_basic off; |
| Context: | http, server, location, limit_except |
Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm. Parameter value can contain variables (1.3.10, 1.2.7). The special value off cancels the effect of the auth_basic directive inherited from the previous configuration level.
| Syntax: | auth_basic_user_file |
|---|---|
| Default: | — |
| Context: | http, server, location, limit_except |
Specifies a file that keeps user names and passwords, in the following format:
    # comment
    name1:password1
    name2:password2:comment
    name3:password3
The file name can contain variables.
Passwords are expected to be encrypted by the crypt() function. All password hashing methods as supported by the OS can be used. In particular, the following crypt() hashing methods are commonly available:
- MD5-based crypt() method, $1$;
- SHA256-based crypt() method, $5$;
- SHA512-based crypt() method, $6$.
Additionally, the following cross-platform password types are supported:
- hashed with the Apache variant of the MD5-based crypt() method ($apr1$);
- specified by the “{scheme}data” syntax (1.0.3+) as described in RFC 2307; supported schemes are PLAIN (an example one, should not be used), SHA (1.3.13) (plain SHA-1 hashing, insecure and should not be used), and SSHA (salted SHA-1 hashing, also insecure by today's standards).
Password hashes for common hashing methods can be generated using the “openssl passwd” command, for example:

    $ openssl passwd -apr1 secret
    $apr1$x/muFo1c$zwUN24M2TEq.6wg0AZacn0
    $ openssl passwd -6 secret
    $6$FjZ1ss8ytcGmrGFY$1fopTJLuLUGCRlv2YcRPIsZk9uaD9NBOGcKsUay/BLV3RR1ol0ONS08oPTVqA4XBkZ44M7OL4K6NjP9xPKShP0
Note that HTTP Basic Authentication implies password validation on each request, and the password hashing method should be chosen with this in mind.
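
The following Python script is an added example, not part of the nginx documentation or code base: it parses a user file in the format shown above and reports the hashing scheme of each entry, flagging the schemes this page says are insecure or should not be used. The function names, the sample file contents, and the parsing of `rounds=` (a standard SHA-crypt cost parameter not mentioned on this page, relevant because validation runs on every request) are assumptions of the example.

```python
import re

# Prefixes named on the page: (prefix, label, page calls it insecure / not to be used).
SCHEMES = [
    ("{PLAIN}", "PLAIN (RFC 2307)", True),
    ("{SHA}", "SHA-1, unsalted (RFC 2307)", True),
    ("{SSHA}", "SHA-1, salted (RFC 2307)", True),
    ("$apr1$", "Apache MD5 crypt", False),
    ("$1$", "MD5 crypt", False),
    ("$5$", "SHA256 crypt", False),
    ("$6$", "SHA512 crypt", False),
]
# Assumption: optional SHA-crypt cost parameter, e.g. $6$rounds=100000$salt$hash.
ROUNDS = re.compile(r"^\$[56]\$rounds=(\d+)\$")

def classify(password_field):
    """Return (label, flagged_by_page, rounds) for one password field."""
    for prefix, label, flagged in SCHEMES:
        if password_field.startswith(prefix):
            m = ROUNDS.match(password_field)
            return label, flagged, int(m.group(1)) if m else None
    return "other (OS crypt() method)", False, None

def audit(text):
    """Parse user-file text; return (user, label, flagged, rounds) per entry."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)  # name:password[:comment]
        if len(parts) < 2:
            findings.append((parts[0], "malformed entry", True, None))
            continue
        findings.append((parts[0],) + classify(parts[1]))
    return findings

# Constructed sample file: alice's hash is the $apr1$ example from this page,
# the other values are placeholders.
SAMPLE = """\
# comment
alice:$apr1$x/muFo1c$zwUN24M2TEq.6wg0AZacn0
bob:{SHA}CONSTRUCTEDDIGEST=:legacy account
carol:$6$rounds=100000$CONSTRUCTEDSALT$CONSTRUCTEDHASH
dave:{PLAIN}secret
"""

if __name__ == "__main__":
    for user, label, flagged, rounds in audit(SAMPLE):
        print(user, label, rounds, "FLAGGED" if flagged else "ok")
```

To audit a real file, pass its contents to `audit()` instead of `SAMPLE`.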