In apache you can password protect a directory with an .htaccess file. It's a little different in nginx, although I think it's more elegant.

All you need to do is add the following two entries in the location listing in the server conf settings.

location = / {
    auth_basic "Restricted";
    auth_basic_user_file /path/to/htpasswd;

    ...
}

and then run htpasswd in the proper location:

htpasswd -c -b htpasswd <user> <pass>