DO Ideas 2

Security concern in tutorial regarding nginx and http basic auth


i read your tutorial:

i would urge you to add the following lines to the nginx config for security reasons:

location ~ ^/\.ht {
deny all;

otherwise anyone can just go and download the htpasswd file. I think this is especially important since the tutorial is directed at beginners who might not know this.

  • Joakim Reinert
  • Sep 11 2018
  • Will not implement
  • Sep 11, 2018

    Admin Response

    Hi! Thank you for catching that! That does seem to be a concerning oversight. I've updated the article, fixing it in a different way. Do you have a DigitalOcean account? Drop me a line at Thanks again!
  • Attach files