Nginx gives an Internal Server Error 500 after I have configured basic auth


Problem description

I am trying to do basic auth on Nginx. I have version 1.9.3 up and running on Ubuntu 14.04 and it works fine with a simple html file.

Here is the html file:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title></title>
</head>
<body>
  "Some shoddy text"
</body>
</html>

And here is my nginx.conf file:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name 192.168.1.30;
        location / {
            root /www;
            index index.html;
            auth_basic "Restricted";
            auth_basic_user_file /etc/users;
        }
    }
}

I used htpasswd to create two users in the "users" file under /etc (username "calvin" password "Calvin", and username "hobbes" password "Hobbes"). It's encrypted and looks like this:

calvin:$apr1$Q8LGMfGw$RbO.cG4R1riIfERU/175q0
hobbes:$apr1$M9KoUUhh$ayGd8bqqlN989ghWdTP4r/

All files belong to root:root. The server IP address is 192.168.1.30 and I am referencing that directly in the conf file.

It all works fine if I comment out the two auth lines and restart nginx, but if I uncomment them, then I do indeed get the username and password prompts when I try to load the site, but immediately thereafter get an Error 500 Internal Server error which seems to persist and I have to restart nginx.

Can anybody see what I'm doing wrong here? I had the same behaviour on the standard Ubuntu 14.04 apt-get version of Nginx (1.4.something) so I don't think it's the nginx version.

Recommended answer

Not really an answer to your question as you are using MD5. However as this thread pops up when searching for the error, I am attaching this to it.

Similar errors happen when bcrypt is used to generate passwords for auth_basic:

htpasswd -B <file> <user> <pass>

Since bcrypt is not supported within auth_basic ATM, mysterious 500 errors can be found in the nginx error.log (usually found at /var/log/nginx/error.log). They look something like this:

*1 crypt_r() failed (22: Invalid argument), ...

At present the solution is to generate a new password using md5, which is the default anyway.

md5 has its problems for sure; some context can be found in the following threads:

  • Is md5 considered insecure?
  • Is md5 still considered secure for single use authentications?

Of the two, the speed issue can be mitigated by using fail2ban: by banning on failed basic auth you'll make online brute forcing impractical (guide). You can also use long passwords to try and fortify a bit as suggested here.

Other than that it seems this is as good as it gets with nginx...
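
Added example (not part of the original question or answer): a Python check that parses an htpasswd-format file and flags bcrypt entries, which per the answer above lead to the crypt_r() failure and the 500 response under auth_basic. The function names and the `susie` entry are constructed for illustration; the other two entries are the ones quoted in the question.

```python
import re

# Prefix -> (scheme label, usable with auth_basic according to the answer above)
SCHEMES = [
    (re.compile(r"^\$apr1\$"), "apr1-md5", True),      # htpasswd default
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", False),   # htpasswd -B; crypt_r() failed
]

def classify(hash_field):
    """Return (scheme, ok) for one password field."""
    for pattern, name, ok in SCHEMES:
        if pattern.match(hash_field):
            return name, ok
    # Anything else is outside what this page discusses; report it, don't judge it.
    return "other", None

def audit_htpasswd(text):
    """Parse htpasswd-format text; return a list of (line_no, user, scheme, ok)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            findings.append((line_no, None, "malformed", False))
            continue
        # An optional third ":comment" field may follow; keep only the hash.
        hash_field = rest.split(":", 1)[0]
        findings.append((line_no, user, *classify(hash_field)))
    return findings

# First two entries are from the question; the bcrypt one is constructed.
SAMPLE = """\
calvin:$apr1$Q8LGMfGw$RbO.cG4R1riIfERU/175q0
hobbes:$apr1$M9KoUUhh$ayGd8bqqlN989ghWdTP4r/
susie:$2y$05$CONSTRUCTEDxHASHxFORxILLUSTRATIONxONLYx0000000000000
"""

if __name__ == "__main__":
    for line_no, user, scheme, ok in audit_htpasswd(SAMPLE):
        status = {True: "ok", False: "REGENERATE", None: "check manually"}[ok]
        print(f"line {line_no}: {user or '?'} -> {scheme} [{status}]")
```

Entries reported as bcrypt are the ones to regenerate with the htpasswd default, as the answer describes.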
