To my understanding Nginx are only able to password safeguard sites from inside the configuration file(s). That actually works nicely, however is not a genuine selection for finish-customers who A) cannot edit the configs and B) would break the configs when they could

Right now i'm considering a webbased representation from the directory structure where they are able to point and click on - spinning the configs and re-kill-HUP-ing Nginx... But in some way the entire idea feels as though I'm going to rewrite cPanel v0..1 -)

Anybody here had exactly the same problem and emerged with a stylish and maintainable solution? I've full treatments for the server.


You do not want customers to alter the configs, would you? For password-protection, a htpasswd-file is enough, when the realm always stays exactly the same. And nginx itself can look into the file existense. So, this is exactly what could get the job done:

  location ~ ^/([^/]*)/(.*) 


  location @auth fundamental "Password-protected"

        auth_fundamental_user_file $document_root/$1/.htpasswd


Works best for me with nginx-.7.65. .6.x and earlier releases are most likely no-go