To password protect a directory xyz and every file and subdirectory in it open the configuration file (nginx.conf or one of the virtual host configuration files) and add the following two lines:

location /xyz/ {
   auth_basic            "Restricted Area";
   auth_basic_user_file  conf.d/htpasswd;

htpasswd file must be encrypted, it can be created using a tool named htpasswd.

[root@xenserver ~]# cd /etc/nginx/conf.d/
[root@xenserver ~]# htpasswd -b htpasswd user password