I have a wordpress website. I want to make some files available only via a username/password authentication. For this I simply want to use the nginx authentication. So I did the following steps.
1) Create a .htpasswd file with an encrypted password for user asdf: sudo htpasswd -c /etc/nginx/.htpasswd asdf
I am then prompted to enter and re-enter the password. The file is created and has the following permission rights:
-rw-r--r-- 1 root root 43 Jan 26 13:39 .htpasswd
2) I change the nginx configuration by adding the following block:
location /targetfolder/pdf {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
/targetfolder/pdf is the location where the files reside that should be password protected.
3) I then restart nginx: sudo service nginx restart.
Then I browse to the folder and am prompted for the credentials. After entering the correct credentials I get an 403 forbidden nginx error message.
The error in error.log says:
2020/01/26 13:45:21 [error] 29853#0: *3 directory index of "/var/www//targetfolder/pdf/" is forbidden, client: xx.xxx.xxx.xxx, server: example.com, request: "GET /targetfolder/pdf/ HTTP/1.1", host: "example.com"
What am I doing wrong? I have already tried different solutions such a trying different locations for .htpasswd, setting the index-files in the nginx-configuration etc. Could it have something to do with wordpress? Could it be that something goes wrong when encrypting/decrypting the entered password?
FWIW, nginx is running with the root user. the command ps aux | grep nginx returns.
root 29849 0.0 0.1 91836 3060 ? Ss 13:44 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
