---
title: Securing Nginx pages with a password
description: Short guide on securing pages behind a reverse proxy with a web-server based password. Useful for containers without authentication support.
published: true
date: 2022-04-30T20:10:53.225Z
tags: config, nginx
editor: markdown
dateCreated: 2021-08-26T20:29:51.514Z
---

# Securing Nginx pages with a password

Hiding every site behind a secure password is quite easy with nginx.

> As it turns out, Nginx (and web servers in general) only support rather old hashing protocols.
While probably sufficient with SSL, **use other solutions, like builtins (or better yet, Authelia) where possible**. 
And if you do use this method, **use a strong password!**
{.is-danger}

## Create authentication file

First, from the web server’s directory (in our case, the `swag` container’s directory, create an `.htpasswd` file with the user you’d like to authenticate with, like so:  
`sh -c "echo -n 'shmick:'" > /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`

> This command will overwrite any previous credentials in this file, if it exists.
{.is-warning}
## Generate and salt a password

You can use `openssl` to generate the password:  
`sh -c "openssl passwd -apr1" >> /Red-Vol/Media/Containers/swag/config/nginx/.htpasswd`

This will prompt you to enter and confirm a password, and will output a hash into the `.htpasswd` file.

## Point webpage to authentication file

By default, sites won’t reach for the file to authenticate. To point a site to authenticate using the file, you’ll need to add the following in their configuration:

```plaintext
location / {
        # enable the next two lines for http auth
        auth_basic "Restricted";
#										^ Message displayed in pop-up window
        auth_basic_user_file /config/nginx/.htpasswd;
```

> You may need to restart nginx for the configuration to take effect.
{.is-info}
## All done!

Finally, you should see a pop up when you browse to the site:

![](/nginx_auth.png)

Example pop-up window