Nginx gives an Internal Server Error 500 after I have configured basic auth

Question

I am trying to do basic auth on Nginx. I have version 1.9.3 up and running on Ubuntu 14.04 and it works fine with a simple html file.

Here is the html file:

Answer 1

Not really an answer to your question as you are using MD5. However as this thread pops up when searching for the error, I am attaching this to it.

Similar errors happen when bcrypt is used to generate passwords for auth_basic:

htpasswd -B   

Since bcrypt is not supported within auth_basic ATM, mysterious 500 errors can be found in nginx error.log, (usually found at /var/log/nginx/error.log), they look something like this:

*1 crypt_r() failed (22: Invalid argument), ...

At present the solution is to generate a new password using md5, which is the default anyway.

Edited to address md5 issues as brought up by @EricWolf in the comments:

md5 has its problems for sure, some context can be found in the following threads

• Is md5 considered insecure?
• Is md5 still considered secure for single use authentications?

Of the two, speed issue can be mitigated by using fail2ban, by banning on failed basic auth you'll make online brute forcing impractical (guide). You can also use long passwords to try and fortify a bit as suggested here.

Other than that it seems this is as good as it gets with nginx...