I'm running it on an NGINX server, it worked fine until I enabled the authentication gateway. I generated an encrypted password using openssl passwd and added /etc/nginx/pma_pass file with user: encryptedPassword line. Also I added a location block inside the server block in /etc/nginx/sites-available/default. It looks like this:

location /urlpath { 
    auth_basic "Admin Login";
    auth_basic_user_file /etc/nginx/pma_pass;
}

I get an authentication prompt followed by a 500 no matter what I put in it. What could be the problem here?

Here's my entire server block:

server {
        root /var/www/html;

        index index.php index.html index.htm index.nginx-debian.html;

        server_name www.domain domain ipaddress;

        location ^~ /urlpath {
                auth_basic "Admin Login";
                auth_basic_user_file /etc/nginx/pma_pass;
                try_files $uri $uri/ =404;
                location ~ \.php$ {
                       include snippets/fastcgi-php.conf;
                       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
                }
        }

  
        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/path; 
    ssl_certificate_key /etc/letsencrypt/path; 
    include /etc/letsencrypt/path; 
    ssl_dhparam /etc/letsencrypt/path; 

}

/var/log/nginx/error.log last entry

2020/07/04 10:57:44 [crit] 18699#18699: *530 crypt_r() failed (22: Invalid argument), client: 82.208.215.144, server: www.whatevs.info, request: "GET /path_phpadmin_is_located_at/ HTTP/1.1", host: "domain"


  • 1
    You need to duplicate all other directives from your root `location / { ... }` block, possibly including the nested `location ~ \.php$ { ... }` block and use `location ^~ /urlpath { ... }` for this one. – Ivan Shatsky Jul 02 '20 at 18:56
  • @IvanShatsky same result all over again, is this what you had in mind ? location ^~ /urlpath { auth_basic "Admin Login"; auth_basic_user_file /etc/nginx/pma_pass; try_files $uri $uri/ =404; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; } } – fit_For_a_King Jul 02 '20 at 21:15
  • Damn, why no code formatting for comments ... – fit_For_a_King Jul 02 '20 at 21:16
  • 1
    Can you update your question with your full `server` block? You can omit private info such as domain name, certificates path etc. – Ivan Shatsky Jul 02 '20 at 21:33
  • @IvanShatsky Updated question w/ server block – fit_For_a_King Jul 03 '20 at 10:24
  • 1
    You are trying to protect some app (looks like it is phpMyAdmin) with additional HTTP basic auth, yes? Is it physically located in `/var/www/html/urlpath` directory? What are the last lines of your nginx error log when you get a 500 error? – Ivan Shatsky Jul 03 '20 at 21:25
  • @IvanShatsky yes, I enabled auth for phpmyadmin. /var/www/html contains symbolic link pointing to /usr/share/phpmyadmin, and I renamed it so that phpmyadmin cannot be accessed at obvious domain/phpmyadmin path. I updated question w/ last entry from /var/log/nginx/error.log – fit_For_a_King Jul 04 '20 at 11:00
  • 1
    Looks like nginx doesn't like your `pma_pass` file contents (or, to be more precise, it's the system libc library that doesn't like it). There should be no spaces in the `user:password` line. You can also try to force an encryption algorithm with `openssl passwd -crypt` (system default) or `openssl passwd -apr1` (Apache default). – Ivan Shatsky Jul 04 '20 at 17:17
  • 1
    Additionally take a look at [this](https://stackoverflow.com/questions/31833583/nginx-gives-an-internal-server-error-500-after-i-have-configured-basic-auth) Q/A. – Ivan Shatsky Jul 04 '20 at 17:20
  • @IvanShatsky I modified pma_pass so it's user:password and now it goes straight to phpmyadmin without auth prompt - as if I never enabled it! Gonna take a look at that post you linked, thanks for the effort brother. – fit_For_a_King Jul 04 '20 at 20:19
  • 1
    Maybe your login/password somehow got cached with your browser? Try to login from the incognito window. – Ivan Shatsky Jul 04 '20 at 20:21
  • @IvanShatsky it worked !!! Thanks a lot – fit_For_a_King Jul 04 '20 at 21:25
  • Good to hear, summarized all of this as an answer so you can accept it :) – Ivan Shatsky Jul 04 '20 at 22:23

1 Answer

1

Summing up all the discussion in the comments, the solution is

  • such a protected location should have its own nested PHP handler and use the ^~ location modifier (to avoid requests like /urlpath/index.php being captured by the location ~ \.php$ { ... } block below):

    location ^~ /urlpath {
        auth_basic "Admin Login";
        auth_basic_user_file /etc/nginx/pma_pass;
        try_files $uri $uri/ =404;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
    }
    
  • the password file should contain lines in the form <user_name>:<hashed_password> and should not contain any extra spaces within such a line.

Ivan Shatsky
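
A pre-reload check for the password file format described in the answer, as an added example that is not part of the original answer or of nginx: it flags whitespace around the fields (the `user: hash` form from the question) and hash strings that match none of the formats nginx documents for `auth_basic_user_file`. The function names and the sample lines are constructed for illustration.

```python
import re

# Password formats nginx documents for auth_basic_user_file. Anything else is
# passed to the system crypt(), which may reject it at request time.
SCHEMES = [
    ("apr1", re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("crypt-modular", re.compile(r"^\$[0-9a-z]+\$[^\s:]+$")),  # e.g. $6$...
    ("des-crypt", re.compile(r"^[./0-9A-Za-z]{13}$")),
    ("ssha", re.compile(r"^\{SSHA\}[A-Za-z0-9+/=]+$")),
    ("sha", re.compile(r"^\{SHA\}[A-Za-z0-9+/=]{28}$")),
    ("plain", re.compile(r"^\{PLAIN\}.+$")),
]
# DES crypt only uses the first 8 password characters; {SHA} is unsalted.
WEAK = {"des-crypt", "sha", "plain"}

def classify(hash_field):
    """Return the name of the first matching scheme, or None."""
    for name, rx in SCHEMES:
        if rx.match(hash_field):
            return name
    return None

def lint_line(line):
    """Return a list of problems for one password-file line (empty = OK)."""
    raw = line.rstrip("\n")
    if not raw.strip() or raw.startswith("#"):
        return []                      # blank line or comment
    if ":" not in raw:
        return ["missing ':' separator"]
    user, rest = raw.split(":", 1)
    hash_field = rest.split(":", 1)[0]  # optional third field is a comment
    problems = []
    if user != user.strip() or hash_field != hash_field.strip():
        problems.append("whitespace around user or hash field")
    if not user.strip():
        problems.append("empty user name")
    scheme = classify(hash_field.strip())
    if scheme is None:
        problems.append("unrecognised hash format")
    elif scheme in WEAK:
        problems.append("weak scheme: " + scheme)
    return problems

def lint_file_text(text):
    """Map 1-based line number -> problems, for lines that have any."""
    return {n: p for n, line in enumerate(text.splitlines(), 1)
            if (p := lint_line(line))}

# Constructed sample: format-only placeholders, not real credentials.
SAMPLE = ("# pma_pass\n"
          "admin:$apr1$saltsalt$abcdefghijklmnopqrstuv\n"
          "bob: $apr1$saltsalt$abcdefghijklmnopqrstuv\n"
          "carol:abJnggxhB/yWI\n"
          "dave:secret\n")
```

Running `lint_file_text` on the contents of the password file before `nginx -s reload` surfaces a malformed line at edit time instead of as a 500 on the first request.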