Authorized Logons - with htaccess

- locking website access with a password

References:
Htaccess - Apache & Ubuntu
Htaccess - Nginx & Ubuntu

Following the server setup recommended herein (Debian 10.3 with Webmin and iRedMail), the Nginx webserver will already have been installed, so the setup that follows is the one for: Htaccess - Nginx & Ubuntu/Debian. Applying htaccess, as demonstrated below, affects the entire website, closing it off to the public, which makes it suitable for sites where confidentiality is key.

Step 1 — Installing Apache Tools

Log on via PuTTY as a regular user (e.g. sammy) and issue these commands (USERNAME is the first username to be used):

sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd USERNAME

Note: When adding additional usernames, drop the '-c' from the last command ('-c' creates the password file, overwriting any existing one), so that it becomes:
sudo htpasswd /etc/nginx/.htpasswd ANOTHERUSERNAME

Tip: It is difficult to change the password on any given username. It is much simpler just to add another username to replace one where the user has lost the password.

Log on to Webmin, go to 'Servers->Nginx Webserver', open the target website configuration (e.g. example.com.conf) and, inside the location directive, add these as the last two lines before the closing bracket:
auth_basic "Private Property";
auth_basic_user_file /etc/nginx/.htpasswd;

The configuration file will then look similar to:

server {
    ....
    location / {
        try_files $uri $uri/ =404;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

With these changes, Webmin will automatically prompt one to restart the Nginx webserver. Thereafter, anyone wishing to visit the website is presented with a dialog box requesting a username and password.
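
An added example, not part of the original page: a small Python audit of the /etc/nginx/.htpasswd file created in Step 1. It flags a file mode that is open to every local user and entries stored with {PLAIN}, {SHA} (both marked "should not be used" in the nginx documentation) or traditional DES crypt. The function names, the sample entries and the acceptable/weak policy are assumptions of this example.

```python
import os, stat

# Prefixes of the schemes nginx documents for auth_basic_user_file; the
# acceptable/weak verdicts are this example's policy, not nginx behaviour.
SCHEMES = [("$apr1$", "apr1-md5", True), ("{SSHA}", "salted-sha1", True),
           ("{SHA}", "unsalted-sha1", False), ("{PLAIN}", "plaintext", False)]

# Constructed sample; the hash fields are placeholders, not real hashes.
SAMPLE = """# staff logins
sammy:$apr1$EXAMPLE0$PLACEHOLDERPLACEHOLDER00
olduser:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
guest:{PLAIN}guest:temporary account
line-without-colon
"""

def classify(field):
    for prefix, name, ok in SCHEMES:
        if field.startswith(prefix):
            return name, ok
    if field.startswith("$"):   # other crypt(3) formats such as $6$
        return "crypt-modular", True
    if len(field) == 13:        # traditional DES crypt(3) output length
        return "des-crypt", False
    return "unknown", False

def audit(text, mode):
    """Return findings for htpasswd-format text and its file mode bits."""
    findings = []
    if mode & 0o007:
        findings.append(f"file mode {mode:03o} grants access to all local users")
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not (sep and user and rest):
            findings.append(f"line {n}: malformed entry")
            continue
        scheme, ok = classify(rest.split(":", 1)[0])  # drop optional comment field
        if not ok:
            findings.append(f"line {n}: {user} uses {scheme}")
    return findings

def audit_file(path):
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)))
```

To check the real file, call audit_file("/etc/nginx/.htpasswd") from an account that can read it; when tightening the mode, the Nginx worker user must still be able to read the file.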