Have I mentioned I love my Virtual Private Server? It’s 10€ per month and I discover new uses for it almost every week.

Today, I found yet another use for it: Sharing large and confidential files with your client.

My VPS has the nginx webserver running. My goal was to have one password-protected folder per company where I can upload files that only they can then see. I found this tutorial I could just follow with small adaptations. And here is how I did it:

  1. Install the package that brings the ‘htpasswd’ tool to you. In Arch Linux, this was “apache-tools”. You can do this on your local machine or on the server, as you only need it to generate a line containing a hashed password.

    Then, create a line in a new htpasswd file as such:

     htpasswd -c ~/temp/myhtaccess companyA

    This prompts you for a password, and then creates a htpasswd file at your specified path for the user ‘companyA’.

  2. Now, ssh on your VPS. Open a new (or existing) htpasswd file somewhere. The tutorial I followed used /etc/nginx/htpasswd. But since I require several directories, each with their own user, I will create one htpasswd file per company:

     # This is /etc/nginx/htpasswd_companyA

    This is the user name and the encrypted password (a dummy password here, of course).

  3. Now, create a files/ folder, and a subfolder for company A:

     mkdir -p /var/www/html/files/companyA

    You will want to change the group ownership of /var/www/html/files/companyA to www-data, and add your remote user to that group, so that uploading works:

     sudo chgrp -R /var/www/html/www-data files
     sudo chmod -R g+w /var/www/html/files
  4. Tell nginx to password protect this folder:

     # Use your favorite editor to edit this file:
     sudo emacs /etc/nginx/sites-enabled/default

    You will add a new location entry. The file should then look like this (comments removed for readability):

     server {
             listen 80 default_server;
             listen [::]:80 default_server;
             root /var/www/html;
             index index.html index.htm index.nginx-debian.html;
             server_name _;
             location / {
                     try_files $uri $uri/ =404;
             location /files/companyA {
                      auth_basic "Restricted Content!";
                      auth_basic_user_file /etc/nginx/htpasswd_companyA;
  5. Restart nginx:

     sudo service nginx restart
  6. Upload your confidential data, now from your local machine:

     scp secret_stuff.zip vps:/var/www/html/files/companyA/

    And then test downloading it from your browser. Enter your server URL, followed by files/companyA/secret_stuff.zip. You should see a user/password form, and only be able to download the data when your user and password are correct.