How to secure a subdomain


#1

Hello, I’m trying to add HTTP access authentication to certain subdomain of my site but I don’t know how to do that.

I want to add username and password for certain url.

mysite.com/subdomain

This doesn’t work:

ee secure mysite.com/subdomain --auth

Thank you


#2

I don’t understand: you say you want to protect a subdomain, but your examples show a folder.

Anyways, I’ll explain the basics, I think you’ll be able to solve your issue once you understand what you’ll be doing.

First you need to create a .htpasswd file. I suggest it to be in nginx/conf folder.

HTPASSWDUSER="desired_username"
HTPASSWDPASS="desired_password"
printf "$HTPASSWDUSER:$(openssl passwd -crypt $HTPASSWDPASS 2> /dev/null)\n" >> /var/www/sub.domain.com/conf/nginx/.htpasswd

Now I suggest you to create a file named auth.conf in /var/www/sub.domain.com/conf/nginx with the following content:

auth_basic "Restricted Area"
auth_basic_user_file /var/www/sub.domain.com/conf/nginx/.htpasswd

That’s it.

You should test configuration in order to avoid errors, and reload Nginx:

nginx -t && service nginx reload

#3

Yes, it’s a subfolder not a subdomain.

Thank you.


#4

In such case, you should do the file /var/www/sub.domain.com/conf/nginx look like:

location ~ ^/yourfolder {
    auth_basic "Restricted Area"
    auth_basic_user_file /var/www/sub.domain.com/conf/nginx/.htpasswd
}

#5