nginx and auth_basic

Question

I am trying to get basic authentication working with nginx in Ubuntu Jaunty. In nginx.conf, I added these two lines under the server context:

server {
   ...
   auth_basic "Restricted Access";
   auth_basic_user_file /etc/nginx/.htpasswd;
   ...
}

Then I apt-get'ed apache2-utils to get htpasswd, which I used to create the htpasswd file:

htpasswd -d -c /etc/nginx/.htpasswd joe

When I try to access the site, the authentication dialog comes up as expected, but when I put in the username and password, it just refreshed the dialog box. It doesn't seem to like the password I am providing it. I tried running htpasswd both with and without the -d option, but still no luck. It refused to authenticate. Any ideas what I'm doing wrong?

Any help would be appreciated.

Answer 1

Things I would check:

• Permissions on `/etc/nginx/.htpasswd` - Can the file be read by the account running nginx? You could try, temporarily, using `chmod 644` to make sure everyone can read it. If that works, then you can sort out an appropriate combination of `chown` and `chmod` settings so that nginx and you/root can read it but other users cannot (for security).
• Ensure that `htpasswd` is generating the hash in the right form; it's usually about 13 alphanumeric characters (for example `username:wu.miGq/e3nro`). The command CAN generate MD5 hashes too which would look more like `username:$apr1$hzB2K...$b87zlCYMKufOxn9ol5QV4/` these don't work with nginx.
• Look into increasing the debug output of nginx and check the error logs for clues.

Answer 2

Old thread, but no answer, and well referenced on Google.

If you get this error and have tried the other suggestions, check the permissions of the parent folder of your .htpasswd file: the nginx user (www-data by default) should have read and execute permissions (this fixed it for me).