nginx and auth_basic

4

23

I am trying to get basic authentication working with nginx in Ubuntu Jaunty. In nginx.conf, I added these two lines under the server context:

```
server {
   ...
   auth_basic "Restricted Access";
   auth_basic_user_file /etc/nginx/.htpasswd;
   ...
}
```

Then I apt-get'ed apache2-utils to get htpasswd, which I used to create the htpasswd file:

```
htpasswd -d -c /etc/nginx/.htpasswd joe
```

When I try to access the site, the authentication dialog comes up as expected, but when I put in the username and password, it just refreshes the dialog box. It doesn't seem to like the password I am providing it. I tried running htpasswd both with and without the -d option, but still no luck. It refused to authenticate. Any ideas what I'm doing wrong?

Any help would be appreciated.

Saylor answered 6/1, 2010 at 2:59 Comment(2)
Did you try a relative path for "auth_basic_user_file"? - Pulsatory
@KP can you share what fixed this for you? - Osugi
31

Things I would check:

  • Permissions on `/etc/nginx/.htpasswd` - Can the file be read by the account running nginx? You could try, temporarily, using `chmod 644` to make sure everyone can read it. If that works, then you can sort out an appropriate combination of `chown` and `chmod` settings so that nginx and you/root can read it but other users cannot (for security).
  • Ensure that `htpasswd` is generating the hash in the right form; it's usually about 13 alphanumeric characters (for example `username:wu.miGq/e3nro`). The command CAN generate MD5 hashes too, which would look more like `username:$apr1$hzB2K...$b87zlCYMKufOxn9ol5QV4/`; these don't work with nginx.
  • Look into increasing the debug output of nginx and check the error logs for clues.
Oft answered 5/7, 2011 at 9:15 Comment(2)
According to the docs at nginx.org/en/docs/http/ngx_http_auth_basic_module.html, "the Apache variant of the MD5-based password algorithm (apr1)" is now supported. - Metage
Even though the docs point out that the "Apache variant is now supported", I only solved this problem using a PLAIN algorithm. Unfortunately, with debug log in nginx, the message was still "open() ".htpasswd" failed (13: Permission denied)", which probably is the internal root cause of the problem (looking from an nginx developer's perspective), but is useless when you're trying to troubleshoot. - Justly
13

Old thread, but no answer, and well referenced on Google.

If you get this error and have tried the other suggestions, check the permissions of the parent folder of your .htpasswd file: the nginx user (www-data by default) should have read and execute permissions (this fixed it for me).

Moretta answered 21/4, 2015 at 13:26 Comment(0)
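The two checks from the answers above (the file must be readable by nginx, and every parent folder must be traversable), as an added example that is not part of the original answers. It assumes GNU `stat` and `readlink` as on Ubuntu, and that the nginx worker (`www-data`) is neither owner nor group member of the file, so only the "other" permission digit applies; the function name `check_htpasswd_path` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: list the path components that would stop an nginx worker
# from opening the auth_basic_user_file.
# Assumption: the worker falls into the "other" permission class.

# Prints one line per blocking component.
# Returns 0 if none, 1 if any were found, 2 if the file does not exist.
check_htpasswd_path() {
    local target path mode other blocked
    target="$1"
    blocked=0
    [ -e "$target" ] || { echo "MISSING $target"; return 2; }
    path=$(readlink -f -- "$target")      # resolve symlinks and relative parts

    # The file itself needs the read bit: last octal digit 4, 5, 6 or 7.
    mode=$(stat -c '%a' -- "$path")
    other=${mode#"${mode%?}"}             # last digit = permissions for "other"
    case $other in
        4|5|6|7) ;;
        *) echo "NOREAD $path (mode $mode)"; blocked=1 ;;
    esac

    # Every directory above it needs the search (execute) bit: an odd digit.
    path=$(dirname -- "$path")
    while :; do
        mode=$(stat -c '%a' -- "$path")
        other=${mode#"${mode%?}"}
        case $other in
            1|3|5|7) ;;
            *) echo "NOSEARCH $path (mode $mode)"; blocked=1 ;;
        esac
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$blocked"
}

# Stand-alone use: ./script.sh /etc/nginx/.htpasswd
if [ -n "${1:-}" ]; then
    check_htpasswd_path "$1"
fi
```

A file kept at `root:www-data` with mode 640 is reported as `NOREAD` here because of the "other"-class assumption, even though nginx can read it through the group.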
7

Another gotcha I ran into on bash. Instead of entering my password via the prompt, I used the -b option of htpasswd to enter the password in-line.

```
$ htpasswd -nb admin test123$secure
```

I couldn't understand why I kept on running into password mismatch errors, trying different encryption algorithms. I verified with curl that it worked:

```
$ curl -u admin:test123$secure https://example.com
```

Finally, the problem revealed itself through echo:

```
$ echo test123$secure
test123
```

I made the mistake of using a dollar sign ($) in bash, which was interpreted as an empty variable, thus omitting everything else. This can be avoided by dropping the -b option and just using the prompt to enter the password.

Belgium answered 12/10, 2015 at 18:3 Comment(0)
0

nginx recognizes a 401 response as a logout. Make sure your site is not returning 401 and redirecting again, or it will fall into an infinite login loop: logged in -> 401 -> logged out -> redirect to same page -> repeat.

Katha answered 17/1, 2022 at 4:40 Comment(0)
