SpinupWP is a great hosting platform for people who want to own their own cloud servers, but not have to worry about running a web stack. It also has a simple feature in the dashboard to enable Basic Authentication for an entire website domain. It cannot, however, do this for just a specific subdirectory (or subfolder if you prefer).

I wanted to do this and it’s quite straightforward via command line. Also, after checking with SpinupWP, although this cannot be controlled via their web dashboard, this also should NOT interfere with the web dashboard or any other of SpinupWP’s functions (as of 2025-01-06).

This assumes I want to give this subdirectory (only) basic authentication:
www.example.com/sudirectory/

SSH into your webserver using Terminal

ssh sudo-user@example.com

Generate a Username and Password for Basic Authentication

sudo htpasswd -c /etc/nginx/sites-available/www.example.com/.subdirectorypasswd basicauthusername

Change the basicauthusername to whatever username you want to enter in the Basic Auth. When prompted, enter a password — you won’t see anything while you type — and hit Enter.

This results in this:

New password:
Re-type new password:
Adding password for user basicauthusername

Create a .conf file for your Subdirectory

sudo nano /etc/nginx/sites-available/www.example.com/server/subdirectory-basic-auth.conf

This can be named whatever you like, since all files in this directory are read for site configuration.

The contents of this file should be:

location /subdirectory/ {
    satisfy any;
    #allow 123.123.123.123; # Whitelist any IPs here to prevent them from having to type in a username and password. Most often your own static IP. But if you do this you can't test this :)
    deny all;

    auth_basic "Basic Authentication";
    auth_basic_user_file /etc/nginx/sites-available/www.example.com/.subdirectorypasswd;
}

Then save and exit the file.

Check your nginx config

sudo nginx -t

You may get some [warn] lines that you can ignore. What you’re looking for, if you haven’t made any mistakes in this new .conf file, is these last two lines:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you don’t get these, work on your new .conf file until you get a clean test!

Restart nginx

sudo systemctl reload nginx

Troubleshooting

If you don’t get presented with the login prompt, make sure the subdirectory you are protecting actually exists (ask me how I know this…) and that you haven’t made any typos.

Let me know if there’s any errors or if you have a better, simpler way to do this.