by swozey 1013 days ago
I've always loved that to do basic auth nginx has you make an apache2 directory and place your htpasswd in there as a best practice/recommended setup. And use apache-utils.. but I guess why reinvent the wheel.

                # auth_basic_user_file /etc/apache2/.htpasswd;
https://docs.nginx.com/nginx/admin-guide/security-controls/c...

It's overly engineered for sure, but I designed an HTAuth setup that doesn't use files, for OpenResty. Instead it uses Lua and a database (MySQL in my case) to manage users and passwords.

Overengineered, but I don't have to muck with auth files, and can keep it up to date from other sources.

This is probably more ancient documentation for switchers from Apache.

The main reason for this is to make sure your htaccess file is outside of the document root. This is horrible behavior Apache had (still has?), and is a security issue.
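
Added example, not part of any comment in this thread: a small Python check for the point made in the comment above, flagging an `auth_basic_user_file` that resolves inside an nginx `root`. The sample config is constructed, the function names are hypothetical, and the check assumes absolute paths in a single file (no `include`, `alias` or per-block scoping).

```python
import posixpath
import re
from pathlib import PurePosixPath

# Constructed sample config for illustration (not from the thread).
SAMPLE_CONF = """
server {
    root /var/www/site;
    location /admin {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/site/.htpasswd;
    }
    location /reports {
        auth_basic "Restricted";
        auth_basic_user_file /etc/apache2/.htpasswd;
    }
    location /old {
        # auth_basic_user_file /var/www/site/old/.htpasswd;
        auth_basic_user_file /var/www/site-private/.htpasswd;
    }
}
"""

# Match only uncommented directives at the start of a line.
DIRECTIVE = re.compile(r"^[ \t]*(root|auth_basic_user_file)[ \t]+([^;#\n]+);", re.M)

def is_inside(path, root):
    """True if path is root itself or below it, compared by path component."""
    p = PurePosixPath(posixpath.normpath(path))
    r = PurePosixPath(posixpath.normpath(root))
    return p == r or r in p.parents

def exposed_password_files(conf):
    """Return (password_file, root) pairs where the file sits under a root."""
    roots, files = [], []
    for name, value in DIRECTIVE.findall(conf):
        value = value.strip().strip("\"'")
        (roots if name == "root" else files).append(value)
    return [(f, r) for f in files for r in roots if is_inside(f, r)]

if __name__ == "__main__":
    for f, r in exposed_password_files(SAMPLE_CONF):
        print(f"password file {f} is inside document root {r}")
```

The comparison is by path component, so `/var/www/site-private` is not treated as being under `/var/www/site`, which a plain string-prefix test would get wrong.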

The Apache httpd documentation has been telling people not to use .htaccess files for over twenty years.

> However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a <Directory> section in your main server configuration file.

2002: https://web.archive.org/web/20020805160131/http://httpd.apac...

Present day: https://httpd.apache.org/docs/current/howto/htaccess.html#wh...