Laravel Forge - Password Protect a Folder

Posted on June 17, 2014 | By Matt Stauffer

Warning: This post is over a year old. I don't always update old posts with new information, so some of this information may be out of date.

Now that the initial hubbub of trying out new Laravel apps in Forge is over, we've started to put more non-Laravel sites on Forge as well.

Today I needed to get an old CodeIgniter site online somewhere, password-protected, to train someone on. So, I spun up a new site on one of my Forge servers, uploaded the code, ran the migrations, and was ready to go--until I realized I didn't know how to password protect a folder in Nginx.

Thankfully, it's almost easier than it is in Apache.

Generate htpasswd file

Just like when you're password protecting a folder in Apache, you'll need to generate a htpasswd file. You can create the htpasswd file locally or use DynamicDrive's web-based htpasswd generator. Either way, you should end up with a small text file that convention suggests you name .htpasswd.

Upload this file to your remote server. I like to put it in the web root for my site and then git ignore it (and, of course, if you're serving the site from the web root you'll want to move it above that level). So my file will live in /home/forge/my-site-name-here/.htpasswd.

Point Nginx config to htpasswd

Now log into Forge. Edit the site you want to password protect. Click the edit icon in the lower right hand corner of the site edit panel, and a box to edit your Nginx config file will pop up.

Forge Site Edit Icon

If you want to password protect the entire site, just append a few lines to the end of the location / block, taking it from this:

location / {
        try_files $uri $uri/ /index.php?$query_string;

to this:

location / {
        try_files $uri $uri/ /index.php?$query_string;

        auth_basic            "Restricted Area";
        auth_basic_user_file  /home/forge/my-site-name-here/.htpasswd;

If you want to just password protect a particular folder, create a new location {} block and place the auth instructions there. Learn more about location blocks at the Nginx docs.

Now save the Nginx config in Forge. Forge will auto-apply the config, so you won't need to restart Nginx manually.

That's it

Next time you visit this site, you'll see the (probably) familiar HTTP authentication popup. All done!

Forge Password Prompt

Comments? I'm @stauffermatt on Twitter

Tags: forge  •  htpasswd  •  nginx