I've been trying to setup a password protected directory in a SSL website as follows:
/etc/nginx/sites-available/default
server {
listen 443:
ssl on;
ssl_certificate /usr/certs/server.crt;
ssl_certificate_key /usr/certs/server.key;
server_name server1.example.com;
root /var/www/example.com/htdocs/;
index index.html;
location /secure/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/example.com/.htpasswd;
}
}
The problem is when I try to access the URL https://server1.example.com/secure/
, I get a "404: Not Found" error page.
My error.log shows the following error:
011/11/26 03:09:06 [error] 10913#0: *1 no user/password was provided for basic authentication,
client: 192.168.0.24, server: server1.example.com, request: "GET /secure/ HTTP/1.1",
host: "server1.example.com"
However, I was able to setup password protected directories for a normal HTTP virtual host without any problems.
Is it a problem with the config or something else?
Possibly it's a path problem for auth_basic_user_file, where your absolute path is confusing nginx:
http://wiki.nginx.org/HttpAuthBasicModule#auth_basic_user_file
I'm not sure how you have it working in the other cases. The quote from the documentation suggests that you should have to have something like:
where you'd have the password file as "/etc/nginx/htpasswd/www.example.com" if you have "/etc/nginx/nginx.conf" as your server configuration file.
You can check nginx configuration by running "sudo nginx -t". If there's a configuration error, i.e., the auth file is not where it expects it to be, it should tell you at that point.