always 403 Forbidden with Nginx .htpasswd

Question

From looking at tutorials such as this it seems relatively easy to set up .htpasswd authentication.

Here's my HTTPS block which is how I'm accessing my site:

 server {
      listen 443;
      server_name potato;
      root /var/www/html;
      ssl on; 
      ssl_certificate      /srv/ssl/cert.pem;
      ssl_certificate_key  /srv/ssl/key.pem;  

      location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /usr/local/nginx/.htpasswd;
      }

  } 

I've gathered from here the following snippet to create the .htpasswd file:

 USERNAME=admin
 PASSWORD=password
 sudo printf "$USERNAME:$(openssl passwd -crypt $PASSWORD)\n" >> .htpasswd

This initially failed with a permission denied error, which I resolved by first creating an empty .htpasswd then granting myself permission via sudo chown max:max .htpasswd.

When I visit the website, I do see the Auth prompt, but I get a 403 error even I type in the correct password.

I have been fiddling with this for a while and am continuing to dig through google searches. But I'd appreciate any tips toward a likely source. It'd also be great if someone could show me a dependable way to diagnose the cause of the Auth failure.

In my access.log file I have entries like this:

73.170.238.232 - admin [05/Sep/2016:12:03:34 -0700] "GET /musicker/dist/ HTTP/1.1" 403 571 "-" "Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

but I don't see much useful information in there. You can see I'm trying to access the website at /musicker/dist/, and in Nginx my location / block is catching this and adding auth_basic.

Answer 1

Similar issue here, but the file needed to be in /config/nginx/

So, basically, steps were:

1.) Look for logs/log location Located in /config/log/nginx/error.log

2.) See error where failed login attempt was looking for .htpasswd file in /config/nginx

3.) moved existing .htpasswd file to that location For me 'mv /var/www/html/.htpasswd /config/nginx/.htpasswd'

4.) Restart swag

5.) ???

6.) Profit!

Answer 2

Though the answer is already here, I will try to explain a bit more for someone who does not get the above one.

Well, I too get the 403 Forbidden and on checking the logs:

2020/01/02 07:46:19 [error] 21521#21521: *258843 open() "/etc/ngnix/.htpasswd" failed (2: No such file or directory), client: 10.3.11.168, server: localhost, request: "GET /reports/ HTTP/1.0", host: "www.example.com"

Though I had saved the .htpasswd exactly at the location /etc/nginx/.htpasswd but it could not be find it.

Then I moved the .htpasswd to /var/www/html/.htpasswd and it resolved my error.

Thanks!

Answer 3

Thankfully I figured this out not long after the posting the question, but I think the following information would be available to others looking to solve similar problems:

The relevant logs are not in access.log, but rather in error.log.

Running this showed me that the .htaccess file was not in the expected location. Then I moved it to the correct location and was able to authenticate OK.