Basic-Auth for Shopware 6 with nginx

Unlike Apache2, where basic-auth is set in the local .htaccess file, in nginx it is set in the server's vhosts file. The downside is that it is difficult to integrate into the CI/CD pipeline. The upside is that it is defined per server by definition and thus doesn't require CI/CD procedures to take care of what the deployment's target (e.g. production, staging, ...) is.

First of all, create an .htpasswd file suiting your needs. A variety of online tools exist for this task. If you have access to a Unix/Ubuntu system, the clean way to go is to run the hdpasswd command:

htpasswd -c .htpasswd <user>

htpasswd will prompt you for the basic auth password.

Then locate and edit the nginx vhost file. At its head, preceding the server section, add the following lines:

map $request_uri $auth_type {
  default "off";
  ~/api/* "off";
  ~* "vanWittlaer Demo Site";
}
...

The above code sets a variable $auth_type to either "off" or to "vanWittlaer Demo Site" (or any other text you chose). Further down in the vhost file, and inside the server section, add the following two lines:

...
auth_basic $auth_type;
auth_basic_user_file <path-to-your-htpasswd-file>/.htpasswd;
...