awsruby

Password-protect access to an application with NGINX

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

To configure NGINX to request a username and password when accessing your application, follow these steps:

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with your application name, desired username and desired password respectively.

    $ sudo apt-get update
    $ sudo apt-get install apache2-utils
    $ sudo htpasswd -cb /opt/bitnami/nginx/users USERNAME PASSWORD
    
  • Edit the application configuration file NGINX and add a location block as shown below:

    NOTE: Depending on your installation type, the NGINX configuration file for your application is located in the following paths:

    • Approach A (Bitnami installations using system packages): /opt/bitnami/nginx/conf/server_blocks/APPNAME-server-block.conf and /opt/bitnami/nginx/conf/server_blocks/APPNAME-https-server-block.conf
    • Approach B (Self-contained Bitnami installations): /opt/bitnami/apps/APPNAME/conf/nginx-app.conf
    location / {
        auth_basic "Restricted Area";
        auth_basic_user_file /opt/bitnami/nginx/users;
    }
    

    NOTE: If you don’t wish to protect the entire application, but only a sub-URL, create a new location block as shown above only for the sub-URL you wish to protect.

  • Restart the NGINX server:

    $ sudo /opt/bitnami/ctlscript.sh restart nginx
    

When accessing the application, you will see an authentication popup window. Enter the username and password defined in the first step:

To change the password later, run the htpasswd utility without the -c switch:

$ sudo htpasswd /opt/bitnami/users USERNAME
Last modification June 9, 2020