How to protect your site with username and password using HTTP Basic Auth

NOTE: We’re working on a configuration panel so that you can edit your configs right from Moss. In the meantime, you must follow the guidelines in this article.

From time to time, you might need to protect your site with a username and a password. E.g. if you have a development environment and you don’t want it to be publicly accessible.

In this example we’ll secure a website named site with username moss and password rocks using HTTP Basic Auth. The site is owned by server user user. But first, take a quick look to the basics about fine-tuning your applications with Moss if you haven’t done it yet.

Create .htpasswd file

1. Generate the content of the .htpasswd file for the given username and password. You may use an online htpasswd tool.
2. Log into your server as user user: ssh user@<server-ip> 
3. Using your favorite text editor, create file /home/user/sites/site/.htpasswd with the content generated in step 1. E.g:

moss:$apr1$DTty1Atw$DubJSGvYhKd4cISIwPGiK0

Nginx configuration

1. Log into your server as user moss: ssh moss@<server-ip> 
2. Using sudo and your favorite text editor, add the following lines to file /etc/openresty/root_params.site:

auth_basic           "restricted site";auth_basic_user_file /home/user/sites/site/.htpasswd;

3. Restart Nginx from the Software tab