配置基本身份验证后,Nginx 出现内部服务器错误 500 [英] Nginx gives an Internal Server Error 500 after I have configured basic auth
问题描述
我正在尝试在 Nginx 上进行基本身份验证.我在 Ubuntu 14.04 上启动并运行了 1.9.3 版,它可以在一个简单的 html 文件中正常工作.
I am trying to do basic auth on Nginx. I have version 1.9.3 up and running on Ubuntu 14.04 and it works fine with a simple html file.
这里是html文件:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
"Some shoddy text"
</body>
</html>
这是我的 nginx.conf 文件:
And here is my nginx.conf file:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name 192.168.1.30;
location / {
root /www;
index index.html;
auth_basic "Restricted";
auth_basic_user_file /etc/users;
}
}
}
我使用 htpasswd 在/etc 下的users"文件中创建了两个用户(用户名calvin"密码Calvin",用户名hobbes"密码Hobbes").它的加密方式如下:
I used htpasswd to create two users in the "users" file under /etc (username "calvin" password "Calvin", and username "hobbes" password "Hobbes"). It's encrypted by looks like this:
calvin:$apr1$Q8LGMfGw$RbO.cG4R1riIfERU/175q0
hobbes:$apr1$M9KoUUhh$ayGd8bqqlN989ghWdTP4r/
所有文件都属于 root:root.服务器 IP 地址是 192.168.1.30,我直接在 conf 文件中引用它.
All files belong to root:root. The server IP address is 192.168.1.30 and I am referencing that directly in the conf file.
如果我注释掉两个 auth 行并重新启动 nginx 一切正常,但是如果我取消注释它们,那么当我尝试加载站点时确实会收到用户名和密码提示,但此后立即收到错误 500内部服务器错误似乎持续存在,我必须重新启动 nginx.
It all works fine if I comment out the two auth lines and restart nginx, but if I uncomment them, then I do indeed get the username and password prompts when I try to load the site, but immediately thereafter get an Error 500 Internal Server error which seems to persist and I have to restart nginx.
任何人都可以看到我在这里做错了什么?我在标准的 Ubuntu 14.04 apt-get 版本的 Nginx (1.4.something) 上有相同的行为,所以我认为它不是 nginx 版本.
Anybody can see what I'm doing wrong here? I had the same behaviour on the standard Ubuntu 14.04 apt-get version of Nginx (1.4.something) so I don't think it's the nginx version.
推荐答案
当您使用 MD5 时,这并不是您问题的真正答案.但是,由于在搜索错误时弹出此线程,因此我将其附加到该线程中.
Not really an answer to your question as you are using MD5. However as this thread pops up when searching for the error, I am attaching this to it.
使用bcrypt 为auth_basic 生成密码时会发生类似的错误:
Similar errors happen when bcrypt is used to generate passwords for auth_basic:
htpasswd -B <file> <user> <pass>
由于 auth_basic ATM 不支持 bcrypt,因此可以在 nginx error.log 中找到神秘的 500 错误(通常在 /var/log/nginx/error.log),它们看起来像这样:
Since bcrypt is not supported within auth_basic ATM, mysterious 500 errors can be found in nginx error.log, (usually found at /var/log/nginx/error.log), they look something like this:
*1 crypt_r() failed (22: Invalid argument), ...
目前的解决方案是使用 md5 生成新密码,无论如何都是默认的.
At present the solution is to generate a new password using md5, which is the default anyway.
md5 肯定有问题,可以在以下线程中找到一些上下文
md5 has its problems for sure, some context can be found in the following threads
在这两者中,速度问题可以通过使用 fail2ban 来缓解,通过禁止失败的基本身份验证将使在线暴力破解变得不切实际(指南).您还可以使用长密码尝试按照建议的方式进行一些强化 此处.
Of the two, speed issue can be mitigated by using fail2ban, by banning on failed basic auth you'll make online brute forcing impractical (guide). You can also use long passwords to try and fortify a bit as suggested here.
除此之外,这似乎与 nginx 一样好......
Other than that it seems this is as good as it gets with nginx...
这篇关于配置基本身份验证后,Nginx 出现内部服务器错误 500的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
