Docs

HTTP-auth

HTTP-auth let visitors to sign in to a secret zone using server requests. You can set a password to a file, folder or whole website.

In old Apache you can set up this in .htaccess. It's not for nginx.

Open winginx\conf\vhosts and find there an individual host config, or create if missing.

Add a location with the name of that folder, you want to set secret. Write some directives of the ngx_http_auth_basic_module.

server {
  ...

  location /secret_dir/ {
    auth_basic "Restricted zone";
    auth_basic_user_file .htpasswd;
  }

  ...
}

A auth_basic_user_file directive sets a password file (relative to winginx\conf).

A password file .htpasswd contains logins and encrypted passwords:

john:6$7a0s2Gv4U2I
mary:BsduVclZo84u6
bill:QYJYno4Rq41oY
alex:bwO.ffidNBFdo

HTTP-auth password encrypter

Winginx © Alexei Shabalin, 2011-2016