Nginx Basic Authentication with Source IP Whitelisting

Quick post on how to set up HTTP Basic Authentication and whitelist source IPs so that they are not prompted for authentication.

This could be useful for systems interacting with Nginx, so that they don't have to provide authentication.

Dependencies:

Install nginx and the package required to create the auth file:

$ apt install nginx apache2-utils -y

Create the Password file:

$ htpasswd -c /etc/nginx/secrets admin

Configuration:

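Create the site config. With "satisfy any", a request is allowed if either the allow/deny rules or Basic Authentication succeeds, so whitelisted addresses are never asked for credentials: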

$ rm -rf /etc/nginx/conf.d/*.conf
$ vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    location / {
        satisfy any;
        allow 127.0.0.1;
        deny all;

        auth_basic "restricted";
        auth_basic_user_file /etc/nginx/secrets;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Reload the Changes:

$ nginx -s reload

Testing:

Testing from our Whitelisted location (localhost):

$ curl -i http://127.0.0.1
HTTP/1.1 200 OK

Testing from remote location:

$ curl -i http://localhost
HTTP/1.1 401 Unauthorized

$ curl -i http://admin:password@localhost
HTTP/1.1 200 OK
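
The access decision behind the three results above, modelled in Python as an added example (not code from the original post, and not nginx's own code). The remote address 203.0.113.10, the function names and the plaintext user table standing in for /etc/nginx/secrets are assumptions for illustration; the model also shows what the same requests return under "satisfy all".

```python
import base64
import hmac
import ipaddress

# Constructed sample data mirroring the config above (not real credentials).
RULES = [("allow", "127.0.0.1"), ("deny", "all")]
USERS = {"admin": "password"}  # stands in for /etc/nginx/secrets


def ip_rule(client_ip, rules=RULES):
    """allow/deny are checked in order; the first matching rule decides.
    Returns True (allow), False (deny) or None (no rule matched)."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net == "all" or addr in ipaddress.ip_network(net, strict=False):
            return action == "allow"
    return None


def auth_ok(authorization, users=USERS):
    """Check an 'Authorization: Basic <base64(user:password)>' header value."""
    if not authorization or not authorization.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(authorization[6:]).decode()
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    user, _, password = decoded.partition(":")
    expected = users.get(user)
    return expected is not None and hmac.compare_digest(
        password.encode(), expected.encode())


def decide(client_ip, authorization=None, satisfy="any"):
    """Status code the location answers with for this client and header."""
    ip, auth = ip_rule(client_ip), auth_ok(authorization)
    if satisfy == "any":
        # Either check passing is enough; otherwise the 401 challenge is sent.
        return 200 if (ip is True or auth) else 401
    if ip is False:
        return 403  # satisfy all: a denied address is rejected outright
    return 200 if auth else 401


def basic(user, password):
    """Header value curl sends for http://user:password@host."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
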