Securing a Backend Service with Nginx and Basic Authentication

devop |

With Nginx it's very easy to expose a backend service via Basic Authentication.

Given you already have SSL (Secure Sockets Layer) configured this can be a valid and quick solution.

location ^~ /sample-monster-generator {
    auth_basic "Planets Testers Only";
    auth_basic_user_file /etc/nginx/htaccess.planets;
    proxy_pass http://localhost:666;
}

BEWARE: Before you consider this option for your performance tests you should step back an read this: Like Apache: .htaccess

You can’t do this. You shouldn’t. If you need .htaccess, you’re probably doing it wrong.

Anyway there are use-cases for this scenario. We need htaccess:

apt-get install apache2-utils

...and create /etc/nginx/htaccess.planets with

htpasswd -c htaccess.planets fluffi

Real World Example: Jenkins

Given your Jenkins is up and running locally and you want to use Nginx as proxy.

location ^~ /jenkins {
    auth_basic "Invited users only";
    auth_basic_user_file /etc/nginx/htaccess.jenkins;
    proxy_pass          http://127.0.0.1:8080;
}