Authentication for Web Admin page

I’m trying to protect the Web Admin page (where you can set what assets to play, apply some settings, etc).

Reading the instructions, my understanding is I should be able to modify the ~/.screenly/screenly.conf file and amend the basic auth section to something like this:

password = world
user = hello

However after stopping the service and rebooting, nothing appears to have changed.

I’ve also found this website ( that proposes replacing the existing with another file from elsewhere. However it seems that is quite old and when I tried that alternate option, the player stalled before the screenly log in screen.

It seems there must be another step I’m missing. Can anybody who has got their basic auth working please tell me what they did? Thank you.

I have been able to come to a satisfactory outcome using the sites-enabled section of the nginx platform that Screenly operates with.

The solution is shamelessly taken here and presented in full with context below.

1 - Create a password file with Apache 2 utils;

sudo apt-get update
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd sammy

Substitute ‘sammy’ for whatever account name you wish to use. Upon executing this statement you will be asked to specify a password.

Confirm it worked with:

cat /etc/nginx/.htpasswd

If all is well, you should see your new username displayed with a string of gibberish that represents your password.

2 - Modify the sites-enabled file

sudo nano /etc/nginx/sites-enabled/screenly.conf

In location /
Add as the first entry:

try_files $uri $uri/ =404;
auth_basic “Restricted Content”;
auth_basic_user_file /etc/nginx/.htpasswd;

Exit and save.

3 - Restart your service;

sudo service nginx restart

4 - Navigate to your Screenly OSE web admin page and confirm a password is prompted for.

I found this far easier to implement than trying to splice together the files as indicated above.

hmm, do you mean the section here where you can do this simply from the webUI?

1 Like

Yes. Exactly that.

I can’t believe after all those google searches I never saw this, but there it is. Unbelievable.

Thank you - it’ll be easier to just set that in future than having to ssh into the Pi’s after the fact and update the sites-enabled.