Comments (15)
Is the container that you want basic auth using its own distinct virtual hostname? If so, are you mapping it in the parent directory as -v /path/to/httaccess/files:/etc/nginx/htpasswd and there is an htaccess file named mydomain.com in /path/to/httaccess/files?
Basically, nginx-proxy will look for a file named after the VIRTUAL_HOST values in the /etc/nginx/htpasswd dir. If one exists, it will enable basic auth for that domain.
You might want to docker exec -it nginx-proxy bash a running nginx-proxy container and inspect the /etc/nginx/htpasswd directory permissions. Maybe the nginx user is not able to see that directory for some reason.
from nginx-proxy.
Thanks for the reply. I feel that it's the latter.
I am using the -v option as you described. I will attach the bash to it and see how the permissions look on the /etc/nginx/htpasswd file. Thanks!
from nginx-proxy.
I think the issue is that the nginx-proxy image expects /etc/nginx/htpasswd to be a directory with files named after the VIRTUAL_HOST, while @kcrumpton87 expects /etc/nginx/htpasswd to be a file.
The "permission denied" error is misleading.
from nginx-proxy.
Hi @md5
In my nginx-proxy container's logs it is actually looking for /etc/nginx/htpasswd/vhost.mydomain.com and subsequently getting a permission denied. Sorry if it wasn't clear but I believe the bind mount is working as intended in that regard; perhaps not carrying over permissions correctly. I'm in the process of spinning up a new instance to investigate with the bash tool.
from nginx-proxy.
Have you tried using -v /path/to/htpasswdfile:/etc/nginx/htpasswd/ <--- trailing slash? I know some parts of docker treat mounts/copies differently, depending on the trailing slash.
Might be nothing, but worth a try
from nginx-proxy.
After investigating within the container I've found that htpasswd does not exist within the /etc/nginx directory. So I will try what you have suggested @thaJeztah. Thanks!
from nginx-proxy.
Still having issues with this. Actually appending the trailing forward slash did not help. When I go to the machine's bash it still shows no htpasswd folder within /etc/nginx.
from nginx-proxy.
@md5 I am not using boot2docker. This is actually running on an Ubuntu 14.04 machine.
from nginx-proxy.
Also I noticed that the error goes away if the file mode of the htpasswd file is set to 0777 (not something I want to do in actuality).
from nginx-proxy.
The Nginx worker processes are running as www-data:www-data (33:33). Could you chown the file to that uid and gid and see if it works? It looks like the Nginx worker processes may need to access auth_basic_user_file and not just the initial root Nginx process.
from nginx-proxy.
@md5 I have actually tried that. It did not work. More interestingly the SSL certificates are readable by the process.
from nginx-proxy.
I had this problem too. After some attempts I got this working with:
# inside the nginx container
chmod -R 0654 /etc/nginx/
chown -R :www-data /etc/nginx/
from nginx-proxy.
@maxcnunes A better (more restrictive) solution is to change the group of the htpasswd files to www-data and assign chmod 640.
In my example I have a single htpasswd file (/etc/nginx/management.htpasswd), and a folder full of htpasswd files (/etc/nginx/htpasswd).
The www-data user will have permissions to list files in /etc/nginx and /etc/nginx/htpasswd and will be able to read the file /etc/nginx/management.htpasswd and all files in /etc/nginx/htpasswd. The user will not be able to read other files or list files in other directories.
chmod -R o-rwx /etc/nginx # world should not be able to see anything
chmod o+rx /etc/nginx # but needs permission to list files inside
chgrp -R www-data /etc/nginx/htpasswd /etc/nginx/management.htpasswd # this file and directory will be accessible to the www-data user
chmod -R g+rx /etc/nginx/htpasswd # give read+list permission to group
chmod g+r /etc/nginx/management.htpasswd # give read permission to file
Verify permissions afterwards:
$ sudo -u www-data ls -l /etc | grep nginx
drwxr-xr-x 7 root root 4096 Feb 29 21:46 nginx
$ sudo -u www-data ls -l /etc/nginx
total 72
drwxr-x--- 2 root root 4096 Feb 28 20:57 certs
drwxr-x--- 2 root root 4096 Feb 27 12:34 conf.d
-rw-r----- 1 root root 1259 Feb 29 22:24 fastcgi_params
drw-r-x--- 2 root www-data 4096 Mar 1 09:02 htpasswd
-rw-r----- 1 root root 2837 Feb 24 18:02 koi-utf
-rw-r----- 1 root root 2223 Feb 24 18:02 koi-win
-rw-r----- 1 root www-data 43 Feb 28 21:14 management.htpasswd
-rw-r----- 1 root root 3957 Feb 24 18:02 mime.types
lrwxrwxrwx 1 root root 22 Feb 24 18:02 modules -> /usr/lib/nginx/modules
-rw-r----- 1 root root 1046 Feb 29 20:22 nginx.conf
-rw-r----- 1 root root 258 Feb 27 12:52 php_config
-rw-r----- 1 root root 334 Feb 29 19:54 proxy_params
-rw-r----- 1 root root 636 Feb 24 18:02 scgi_params
drwxr-x--- 2 root root 4096 Mar 1 22:57 sites-available
drwxr-x--- 2 root root 4096 Mar 1 22:57 sites-enabled
-rw-r----- 1 root root 1135 Feb 29 22:30 ssl_config
-rw-r----- 1 root root 664 Feb 24 18:02 uwsgi_params
-rw-r----- 1 root root 3610 Feb 24 18:02 win-utf
-rw-r----- 1 root root 103 Feb 29 17:51 ws_params
$ sudo -u www-data cat /etc/nginx/nginx.conf
cat: /etc/nginx/nginx.conf: Permission denied
$ sudo -u www-data cat /etc/nginx/conf.d
cat: /etc/nginx/conf.d: Permission denied
$ sudo -u www-data cat /etc/nginx/management.htpasswd
... # should work
$ sudo -u www-data cat /etc/nginx/htpasswd/*
... # should work
from nginx-proxy.
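Added example, not part of the thread or of the nginx-proxy project: the worker uid/gid discussed above (33:33, www-data) needs the search bit on every ancestor directory and the read bit on the htpasswd file itself, so this sketch walks the path and names the component that blocks access. The function names perm_bits and explain_access and the demo file name are hypothetical; it assumes GNU stat and looks only at mode bits (no ACLs, supplementary groups or root bypass).

```shell
#!/bin/sh
# Added example (not from the thread): report which path component stops a
# uid/gid such as 33:33 (www-data) from reading an htpasswd file.
# Assumes GNU stat; ignores ACLs, supplementary groups and root's bypass.

# perm_bits UID GID PATH -> prints the rwx digit (0-7) that applies to UID/GID
perm_bits() {
    pb_uid=$1 pb_gid=$2
    pb_stat=$(stat -L -c '%u %g %a' -- "$3" 2>/dev/null) || return 2
    set -- $pb_stat                 # $1=owner uid  $2=owner gid  $3=octal mode
    pb_mode=$((0$3))                # leading 0 makes the shell parse it as octal
    if   [ "$pb_uid" = "$1" ]; then echo $(( (pb_mode >> 6) & 7 ))
    elif [ "$pb_gid" = "$2" ]; then echo $(( (pb_mode >> 3) & 7 ))
    else                            echo $((  pb_mode       & 7 ))
    fi
}

# explain_access UID GID FILE [STOP_DIR]
# Prints "ok", or the blocking component closest to STOP_DIR (default /).
explain_access() {
    ea_uid=$1 ea_gid=$2 ea_path=$3 ea_stop=${4:-/} ea_block=
    ea_bits=$(perm_bits "$ea_uid" "$ea_gid" "$ea_path") ||
        { echo "cannot stat $ea_path"; return 2; }
    # The file itself needs the read bit (4).
    [ $((ea_bits & 4)) -ne 0 ] || ea_block="no read bit on $ea_path"
    # Every ancestor directory needs the search bit (1).
    ea_dir=$(dirname -- "$ea_path")
    while :; do
        ea_bits=$(perm_bits "$ea_uid" "$ea_gid" "$ea_dir") || return 2
        [ $((ea_bits & 1)) -ne 0 ] || ea_block="no search (x) bit on $ea_dir"
        case $ea_dir in "$ea_stop"|/|.) break ;; esac
        ea_dir=$(dirname -- "$ea_dir")
    done
    if [ -n "$ea_block" ]; then echo "$ea_block"; return 1; fi
    echo ok
}

# Constructed demo tree; the vhost file name is a placeholder.
demo=$(mktemp -d)
mkdir -p "$demo/htpasswd" && echo 'user:hash' > "$demo/htpasswd/vhost.example.test"
chmod 750 "$demo/htpasswd"; chmod 640 "$demo/htpasswd/vhost.example.test"
explain_access 33 33 "$demo/htpasswd/vhost.example.test" "$demo" || true
rm -rf "$demo"
```

Inside the proxy container the call would be explain_access 33 33 /etc/nginx/htpasswd/<vhost file>, which distinguishes a file-mode problem from a parent directory that lacks the search bit.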
Seems to be an issue migrating from extremely old versions. Resolved by now, closing.
from nginx-proxy.