1

I've a django web application hosted in AWS Elastic Beanstalk with Docker and Nginx. I am using supervisor to start nginx and uwsgi. Need to protect it the website using password. I've tried using .htaccess.

htpasswd -cb /etc/nginx/.htpasswd admin admin

and added the nginx config with

location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; uwsgi_pass unix:/var/sockets/api.sock; include /home/docker/uwsgi_params; }

It's working but its asking password repeatedly. Usually htaccess only asks password once in session. But it asks for username and password every time we click one field or button. Is there any way to fix it?

Improve this question
5
  • Are you able to log in or 'asking password repeatedly' means the box pops immediately back? In the latter, authentication mechanism kicks in, but you are not providind a recognized password. The auth_basic module follows the 'HTTP Basic Authentication' protocol, which is probably the same behind Apache's auth too, which simply consists in sending an 'Authorization' header with the 'user:password' duple encoded in Base64. Check the auth file is where it is supposed to be, contains user/password information understandable by nginx, and that you are using correct user/password to log in. Commented Sep 14, 2016 at 17:35
  • found the error it was not reloated to the nginx config but wiht the django app stackoverflow.com/questions/36057631/… Commented Sep 28, 2016 at 10:27
  • I suggest you answer your own question, providing details so yo ucould help other people having the same problem as yourself. Editing/Rephrasing the question might also help correctly referencing it, since it has nothing to do with nginx. Commented Oct 2, 2016 at 1:49
  • @BernardRosset it has connection to nginx. Basic authentication uses the Authorization header to transmit user and password. Django REST also uses this header in the TokenAuthentication authentication backend. Nginx does not support multiple Authorization headers, so if you try to login and use Token authentication simultaneously it wont work. Commented Oct 3, 2016 at 12:49
  • This issue has nothing to do with the original question + once again not related to nginx. You should have done your homework since there are already several questions about sending multiple HTTP Authorization headers (or several token in a single one) on multiple StackExchange websites. nginx usually follows HTTP standards so in case of doubt, make sure you document yourself properly. Namely, RFC7235, section 3.1 provides you with the standard process to submit multiple credentials token. Multiple HTTP Authorization header are not standard. Commented Oct 3, 2016 at 21:39

1 Answer 1

Reset to default
0

Hi all the issue was same as in the following question . It seems they have a solution for it.

https://stackoverflow.com/questions/36057631/nginx-password-authentication-keeps-prompting-for-password

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.