NGINX : Allow users to password protect directories themselves?

Question

To my knowledge Nginx can only password protect directories from within the configuration file(s). That works nicely, but is not a real option for end-users who A) can not edit the configs and B) would break the configs if they could

Right now I am thinking about a webbased representation of the directory structure where they can point and click - rewriting the configs and re-kill-HUP-ing Nginx... But somehow the whole idea feels like I am about to rewrite cPanel v0.0.1 ;-)

Anybody here had the same problem and came up with an elegant and maintainable solution? I have full control over the server.

Thanks!

Answer 1

You don't really want users to change the configs, do you? For password-protection, a htpasswd-file is sufficient, if the realm always stays the same. And nginx itself can check for a file existense. So, this is what could do the job:

  location ~ ^/([^/]*)/(.*) {
        if (-f $document_root/$1/.htpasswd) {
                error_page 599 = @auth;
                return 599;
        }
  }
  location @auth {
        auth_basic "Password-protected";
        auth_basic_user_file $document_root/$1/.htpasswd;
  }

Works for me with nginx-0.7.65. 0.6.x and earlier releases are probably no-go