nginx and auth_basic

Question

I am trying to get basic authentication working with nginx in Ubuntu Jaunty. In nginx.conf, I added these two lines under the server context:

server {
   ...
   auth_basic "Restricted Access";
   auth_basic_user_file /etc/nginx/.htpasswd;
   ...
}

Then I apt-get'ed apache2-utils to get htpasswd, which I used to create the htpasswd file:

htpasswd -d -c /etc/nginx/.htpasswd joe

When I try to access the site, the authentication dialog comes up as expected, but when I put in the username and password, it just refreshed the dialog box. It doesn't seem to like the password I am providing it. I tried running htpasswd both with and without the -d option, but still no luck. It refused to authenticate. Any ideas what I'm doing wrong?

Any help would be appreciated.

Answer 1

Things I would check:

• Permissions on `/etc/nginx/.htpasswd` - Can the file be read by the account running nginx? You could try, temporarily, using `chmod 644` to make sure everyone can read it. If that works, then you can sort out an appropriate combination of `chown` and `chmod` settings so that nginx and you/root can read it but other users cannot (for security).
• Ensure that `htpasswd` is generating the hash in the right form; it's usually about 13 alphanumeric characters (for example `username:wu.miGq/e3nro`). The command CAN generate MD5 hashes too which would look more like `username:$apr1$hzB2K...$b87zlCYMKufOxn9ol5QV4/` these don't work with nginx.
• Look into increasing the debug output of nginx and check the error logs for clues.

Answer 2

Old thread, but no answer, and well referenced on Google.

If you get this error and have tried the other suggestions, check the permissions of the parent folder of your .htpasswd file: the nginx user (www-data by default) should have read and execute permissions (this fixed it for me).

Answer 3

Another gotcha I ran into on bash. Instead of entering my password via prompt I used the -b option of htpasswd to enter the password in-line.

$ htpasswd -nb admin test123$secure

I couldn't understand why my I kept on running into password mismatch errors, trying different encryption algorithms. I verified with curl that it worked:

$ curl -u admin:test123$secure https://example.com

Finally, the problem reveiled itself through echo

$ echo test123$secure
test123

I made the mistake of using a dolar sign ($) in bash which was interpreted as an empty variable, thus omitting everything else. This can be avoided by dropping the -b option and just using the prompt to enter the password.

Answer 4

nginx 将 401 响应识别为注销，确保您的站点没有返回 401 并再次重定向，它将陷入无限登录循环，登录 -> 401 -> 注销 -> 重定向到同一页面 -> 重复