location / {
    index index.html index.htm;
    auth_basic "Login";
    auth_basic_user_file /var/www/.htpasswd;
}

# Protect hidden file to read/write access
location ~ /\. {
    deny all;
}