LoginGet PDF Embedder

PDF Embedder Documentation

Documentation, Reference Materials, and Tutorials for PDF Embedder

Get access to
Powerful Features!

Mobile-Ready PDF Viewer

Secure PDF Sharing

Dynamic Watermark Protection

Track Document Performance

…and much more

Get PDF Embedder →
Home » Documentation » Guides & Configuration » Serving Protected Files under Nginx

Serving Protected Files under Nginx

PDF Embedder Secure feature is a Pro plan feature.

Upgrade your license to unlock the PDF Embedder Secure feature and other powerful features.

Running the PDF Embedder Secure feature on an Nginx server? PDF Embedder protects files in the /securepdfs/ directory by making an edit to the .htaccess file. However, Nginx does not process .htaccess. Without a manual configuration change, those access controls do nothing, and your secure PDFs remain directly downloadable.

This guide covers how to add the required Nginx location block to enforce PDF Embedder Secure’s access rules, including separate instructions for Kinsta hosting.

Why Nginx Needs Extra Configuration

PDF Embedder Secure ships a .htaccess file that blocks direct requests to the /securepdfs/ directory. Apache reads and applies this file automatically. Nginx has no equivalent mechanism and does not read .htaccess at all. The same rules must be written directly into the Nginx server block configuration.

Configuring a Standard Nginx Server

Add the following location block inside the server {} block of your Nginx configuration file:

location ~ ^/(wp-content/uploads/securepdfs) {
    allow 127.0.0.1;
    deny all;
    proxy_pass http://127.0.0.1:6776;
    return 403;

    location ~ "\.(jpg|png|gif|mp3|ogg)$" {
        allow all;
    }
}
Code language: JavaScript (javascript)

This block returns a 403 error for all direct requests to the securepdfs directory, except for image and audio files. Requests from localhost (127.0.0.1) are forwarded to the PDF Embedder proxy on port 6776, which handles permission validation and file delivery.

After saving the file, reload Nginx for the change to take effect.

Configuring Nginx on Kinsta

Kinsta uses a customised Nginx setup. The same location block applies, but two conditions must be met:

  1. Confirm with Kinsta support that your site’s localhost IP is 127.0.0.1. If their configuration uses a different address, the block will not work as written.
  2. Place the block at the top of the server {} block, before any other location directives. This gives the rule priority over other patterns that could match the same path.

Flywheel Hosting

Flywheel runs Nginx under the hood. Follow the standard configuration steps above. If you do not have direct access to the Nginx configuration file, contact Flywheel support and provide them with the location block to add on your behalf.

Verifying the Configuration

After applying the configuration, test that direct access is blocked. Copy the PDF URL from your shortcode or block:

https://example.com/wp-content/uploads/securepdfs/2015/01/file.pdf
Code language: JavaScript (javascript)

Paste it directly into a browser. A 403 error confirms the block is working. If the PDF loads, check that the location block is inside the correct server {} block and that Nginx has been reloaded.

Still have questions? We’re here to help!

Submit a Support Ticket
Contact Us

Last Modified: