[GH-ISSUE #911] Basic Authentication for Access rules is not working #771

New issue

Open

opened 2026-02-26 06:34:20 +03:00 by kerem · 24 comments

kerem commented 2026-02-26 06:34:20 +03:00

Owner

Copy link

Originally created by @NovaViper on GitHub (Feb 21, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/911

Describe the bug
Hey guys, I'm noticing that basic authentication isn't working on my instance at all. None of my reverse proxies are displaying the authentication dialog on any of my machines (tried on both my laptop and desktop, as well as my phone).

To Reproduce
Steps to reproduce the behavior:

1. Create a reverse proxy rule
2. Add a Access Rule that uses a username+password
3. Link Access rule to proxy rule and restart nginx
4. Go the the reverse proxy, noticing that no authentication menu appears.

Expected behavior
A authentication menu from the browser should be appearing

Screenshots
If applicable, add screenshots to help explain your problem.

Operating System
Raspberry pi 4 running Raspian Lite with OpenMediaVault installed, Nginx Proxy Manager is installed a docker container within Portainer.

Additional context
Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little. Nginx Proxy Manager version is v2.8.0

Originally created by @NovaViper on GitHub (Feb 21, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/911 **Describe the bug** Hey guys, I'm noticing that basic authentication isn't working on my instance at all. None of my reverse proxies are displaying the authentication dialog on any of my machines (tried on both my laptop and desktop, as well as my phone). **To Reproduce** Steps to reproduce the behavior: 1. Create a reverse proxy rule 2. Add a Access Rule that uses a username+password 3. Link Access rule to proxy rule and restart nginx 4. Go the the reverse proxy, noticing that no authentication menu appears. **Expected behavior** A authentication menu from the browser should be appearing **Screenshots** If applicable, add screenshots to help explain your problem. **Operating System** Raspberry pi 4 running Raspian Lite with OpenMediaVault installed, Nginx Proxy Manager is installed a docker container within Portainer. **Additional context** Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little. Nginx Proxy Manager version is v2.8.0

kerem added the

stale

bug

labels 2026-02-26 06:34:20 +03:00

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@andreas-barthel commented on GitHub (Feb 23, 2021):

Have you tried to enable "Satisfy Any" in the Access List?

<!-- gh-comment-id:784598756 --> @andreas-barthel commented on GitHub (Feb 23, 2021): Have you tried to enable "Satisfy Any" in the Access List?

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@NovaViper commented on GitHub (Feb 24, 2021):

Have you tried to enable "Satisfy Any" in the Access List?

Yeah, it's still not working

<!-- gh-comment-id:784640438 --> @NovaViper commented on GitHub (Feb 24, 2021): > Have you tried to enable "Satisfy Any" in the Access List? Yeah, it's still not working

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@bpivk commented on GitHub (Feb 25, 2021):

I have the same problem.

Details: Satisfy any enabled
Authorization: Username/password set
Access: Left default so ony deny all is filled at the bottom.

Changing all the settings hasn't changed anything.

<!-- gh-comment-id:786194036 --> @bpivk commented on GitHub (Feb 25, 2021): I have the same problem. Details: Satisfy any enabled Authorization: Username/password set Access: Left default so ony deny all is filled at the bottom. Changing all the settings hasn't changed anything.

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@jtrosper commented on GitHub (Mar 2, 2021):

Encountering the same exact issue here as described above.

<!-- gh-comment-id:789132831 --> @jtrosper commented on GitHub (Mar 2, 2021): Encountering the same exact issue here as described above.

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@LouisAugry commented on GitHub (Mar 12, 2021):

I have the same problem when I have custom location, without custom location it works.

<!-- gh-comment-id:797251898 --> @LouisAugry commented on GitHub (Mar 12, 2021): I have the same problem when I have custom location, without custom location it works.

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@tmrtkn commented on GitHub (Mar 17, 2021):

I also have this problem. With custom location authentication doesn't work, without it, it works.

<!-- gh-comment-id:801430129 --> @tmrtkn commented on GitHub (Mar 17, 2021): I also have this problem. With custom location authentication doesn't work, without it, it works.

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@tmrtkn commented on GitHub (Mar 17, 2021):

I'm not so sure about other cases, but my case seems to be that I am using / custom location path.

In https://github.com/jc21/nginx-proxy-manager/blob/master/backend/internal/nginx.js#L219 is a line "host.use_default_location = false;".

And then, in https://github.com/jc21/nginx-proxy-manager/blob/master/backend/templates/proxy_host.conf#L21, only the default location puts the authorization magic into the configuration file. If "use_default_location" is false, the authorization magic is omitted.

I am not a javascript expert by any means. Does this make any sense?

<!-- gh-comment-id:801463276 --> @tmrtkn commented on GitHub (Mar 17, 2021): I'm not so sure about other cases, but my case seems to be that I am using / custom location path. In https://github.com/jc21/nginx-proxy-manager/blob/master/backend/internal/nginx.js#L219 is a line "host.use_default_location = false;". And then, in https://github.com/jc21/nginx-proxy-manager/blob/master/backend/templates/proxy_host.conf#L21, only the default location puts the authorization magic into the configuration file. If "use_default_location" is false, the authorization magic is omitted. I am not a javascript expert by any means. Does this make any sense?

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@tmrtkn commented on GitHub (Mar 17, 2021):

Sorry about the spam. I probably found a workaround for my case. I added the following into custom location's custom configuration

# Authorization
auth_basic            "Authorization required";
auth_basic_user_file  /data/access/1;

proxy_set_header Authorization "";

# Access Rules
deny all;

# Access checks must...
satisfy any;

At least for me, that made the authentication dialog to appear. I hope that the configuration, as a whole, is still sane.

edit: I'm running npm in docker. version 2.8.0.
I have only 1 access list, hence 1 in auth_basic_user_file's value.

edit2: Force ssl by adding this into the configuration

# Force SSL
include conf.d/include/force-ssl.conf;

<!-- gh-comment-id:801473780 --> @tmrtkn commented on GitHub (Mar 17, 2021): Sorry about the spam. I probably found a workaround for my case. I added the following into custom location's custom configuration ``` # Authorization auth_basic "Authorization required"; auth_basic_user_file /data/access/1; proxy_set_header Authorization ""; # Access Rules deny all; # Access checks must... satisfy any; ``` At least for me, that made the authentication dialog to appear. I hope that the configuration, as a whole, is still sane. edit: I'm running npm in docker. version 2.8.0. I have only 1 access list, hence `1` in `auth_basic_user_file`'s value. edit2: Force ssl by adding this into the configuration ``` # Force SSL include conf.d/include/force-ssl.conf; ```

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@MrColumbo commented on GitHub (Apr 14, 2022):

I have the same issue. I am not quite sure how the custom location workaround is supposed to work. Do I need to put in a path? If I need to put in a path .....does it need to exist and what kind of files are expected at that path?
I added a screenshot of my npm custom dialog:

<!-- gh-comment-id:1098799308 --> @MrColumbo commented on GitHub (Apr 14, 2022): I have the same issue. I am not quite sure how the custom location workaround is supposed to work. Do I need to put in a path? If I need to put in a path .....does it need to exist and what kind of files are expected at that path? I added a screenshot of my npm custom dialog: 

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@berengard commented on GitHub (Sep 11, 2022):

I have a suspicion that it doesn't like symbols in the password.
After making a new access list for the 4th time, I gave it a password with only alphanumeric characters, then I assigned the access list to the host and it worked.
Before that it was showing me the authentication dialog sometimes but never accepting the password.
And at one point it was working in firefox, but not in chrome, which is totally weird! :/

<!-- gh-comment-id:1243048762 --> @berengard commented on GitHub (Sep 11, 2022): I have a suspicion that it doesn't like symbols in the password. After making a new access list for the 4th time, I gave it a password with only alphanumeric characters, then I assigned the access list to the host and it worked. Before that it was showing me the authentication dialog sometimes but never accepting the password. And at one point it was working in firefox, but not in chrome, which is totally weird! :/

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@randomparity commented on GitHub (Jan 3, 2024):

Having the same problem. If I generate a password from the command-line with htpasswd and insert the result into the access file with a text editor then I'm able to use a password with special characters:

# htpasswd -n admin
New password:
Re-type new password:
admin:$apr1$pAaFZMwI$w8D5AjloujDli./NIX5MK1

<!-- gh-comment-id:1874823746 --> @randomparity commented on GitHub (Jan 3, 2024): Having the same problem. If I generate a password from the command-line with `htpasswd` and insert the result into the access file with a text editor then I'm able to use a password with special characters: ``` # htpasswd -n admin New password: Re-type new password: admin:$apr1$pAaFZMwI$w8D5AjloujDli./NIX5MK1 ```

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@speakradmin commented on GitHub (Jan 16, 2024):

Ran into this same problem running 2.10.4. Hope the dev can check it out

<!-- gh-comment-id:1893240910 --> @speakradmin commented on GitHub (Jan 16, 2024): Ran into this same problem running 2.10.4. Hope the dev can check it out

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@speakradmin commented on GitHub (Jan 16, 2024):

Ok scratch that. I was doing this on an older verion.

Fresh install of 2.10.4 getting forbidden with no prompt on any host with a basic auth access list but the fix from @randomparity doesn't work. IP based still works fine.

Tested in incognito as well to make sure there wasn't some browser cache interfering

<!-- gh-comment-id:1893350363 --> @speakradmin commented on GitHub (Jan 16, 2024): Ok scratch that. I was doing this on an older verion. Fresh install of 2.10.4 getting forbidden with no prompt on any host with a basic auth access list but the fix from @randomparity doesn't work. IP based still works fine. Tested in incognito as well to make sure there wasn't some browser cache interfering

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Aug 24, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2307988586 --> @github-actions[bot] commented on GitHub (Aug 24, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@jelen07 commented on GitHub (Sep 25, 2024):

Same issue with nginx nginx:1.27.1

<!-- gh-comment-id:2373555047 --> @jelen07 commented on GitHub (Sep 25, 2024): Same issue with nginx `nginx:1.27.1`

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@az1611 commented on GitHub (Nov 1, 2024):

I am facing the same issue with npm v2.12.1 with no custom location, no special characters in the user/password as well as no difference if I tick/untick the satisfy any checkbox.
Whenever the access list is applied to the proxy host, i face the forbidden screen immediately.
I've also tried to apply the changes and restart the container with no avail.

Thank you

<!-- gh-comment-id:2451122015 --> @az1611 commented on GitHub (Nov 1, 2024): I am facing the same issue with npm v2.12.1 with no custom location, no special characters in the user/password as well as no difference if I tick/untick the satisfy any checkbox. Whenever the access list is applied to the proxy host, i face the forbidden screen immediately. I've also tried to apply the changes and restart the container with no avail. Thank you

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@digitaltim-de commented on GitHub (Dec 13, 2024):

Same error i got 403 forbidden but that not asking for a password or something.

<!-- gh-comment-id:2540462056 --> @digitaltim-de commented on GitHub (Dec 13, 2024): Same error i got 403 forbidden but that not asking for a password or something.

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@AntiiHeld commented on GitHub (Dec 13, 2024):

I have the same problem.
v2.12.1, no custom location, password like "test" (for testing), no difference betweet satisfy any on or off.

// Edit
I also noticed that when I want to edit an entry in the Access List, I get the error message "data/items/0/password must NOT have fewer than 1 characters".

<!-- gh-comment-id:2541666865 --> @AntiiHeld commented on GitHub (Dec 13, 2024): I have the same problem. v2.12.1, no custom location, password like "test" (for testing), no difference betweet satisfy any on or off. // Edit I also noticed that when I want to edit an entry in the Access List, I get the error message "data/items/0/password must NOT have fewer than 1 characters".

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@Japhys commented on GitHub (Dec 20, 2024):

Same problem after a clean install. Used to work but I was probably on an older version

<!-- gh-comment-id:2557113969 --> @Japhys commented on GitHub (Dec 20, 2024): Same problem after a clean install. Used to work but I was probably on an older version

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@Ivanthec commented on GitHub (Dec 25, 2024):

I'm a complete noob at this stuff so not sure if this is a long-term fix or if NPM will overwrite this.

I took @tmrtkn fix and applied it directly to the file.

Again...I am a noob but to me it looks like it isn't saving some of the changes from the gui.

1. Locate the npm path location. I use docker so this is set from the start.

I had mine set to /data/compose

2. Find and modify the site config file

From what I can tell, only certain things are writing over from the GUI

I had to change "satisfy all" to "satisfy any"

and the text below with the rest of the proxy header settings

proxy_set_header Authorization "";

3. Rebooted NPM

4. Profit! Received the login prompt

<!-- gh-comment-id:2561625227 --> @Ivanthec commented on GitHub (Dec 25, 2024):  I'm a complete noob at this stuff so not sure if this is a long-term fix or if NPM will overwrite this. I took @tmrtkn fix and applied it directly to the file. Again...I am a noob but to me it looks like it isn't saving some of the changes from the gui. 1. Locate the npm path location. I use docker so this is set from the start. I had mine set to /data/compose 2. Find and modify the site config file From what I can tell, only certain things are writing over from the GUI I had to change "satisfy all" to "satisfy any" and the text below with the rest of the proxy header settings proxy_set_header Authorization ""; 3. Rebooted NPM 4. Profit! Received the login prompt 

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@yamikeigo commented on GitHub (Jan 24, 2025):

I'm a complete noob at this stuff so not sure if this is a long-term fix or if NPM will overwrite this.

noob or not, merry belated Christmas to you good sir. Your hamfisting actually worked!

<!-- gh-comment-id:2611799082 --> @yamikeigo commented on GitHub (Jan 24, 2025): > > I'm a complete noob at this stuff so not sure if this is a long-term fix or if NPM will overwrite this. > noob or not, merry belated Christmas to you good sir. Your hamfisting actually worked!

kerem commented 2026-02-26 06:34:20 +03:00

Author

Owner

Copy link

@yamikeigo commented on GitHub (Jan 24, 2025):

btw is this app basically dead? seems like very many stale issues. had to blow up my instance a while back due to certs not renewing and that issue was stale too.

<!-- gh-comment-id:2611827817 --> @yamikeigo commented on GitHub (Jan 24, 2025): btw is this app basically dead? seems like very many stale issues. had to blow up my instance a while back due to certs not renewing and that issue was stale too.

kerem commented 2026-02-26 06:34:21 +03:00

Author

Owner

Copy link

@Ivanthec commented on GitHub (Jan 31, 2025):

btw is this app basically dead? seems like very many stale issues. had to blow up my instance a while back due to certs not renewing and that issue was stale too.

Minimal updates for sure. I switched to Zoraxy and it is amazing. No Basic Auth work arounds :)

<!-- gh-comment-id:2628575294 --> @Ivanthec commented on GitHub (Jan 31, 2025): > btw is this app basically dead? seems like very many stale issues. had to blow up my instance a while back due to certs not renewing and that issue was stale too. Minimal updates for sure. I switched to Zoraxy and it is amazing. No Basic Auth work arounds :)

kerem commented 2026-02-26 06:34:21 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Aug 21, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3208733558 --> @github-actions[bot] commented on GitHub (Aug 21, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem referenced this issue 2026-02-26 07:38:47 +03:00

[PR #771] [MERGED] Bump ini from 1.3.5 to 1.3.8 in /test #3295

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/prod-minor-updates-5edfafad3a

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#771

No description provided.