NGINX auth_basic is giving me a '404 not found' message ...

May 31, 2016 259 views
Nginx LEMP Ubuntu

I just followed the tutorial for installing and securing PHPmyadmin with Nginx on ubuntu (

Everything went well until I wanted to implement the authentication gate. I keep getting a 404 not found message, while I can't find anything wrong with what I did (I hope I'm wrong though).

*I have virtual hosts setup as follows : *


In this setup I have made the DEFAULT and inside /var/www/ I have create a symlink for Phpmyadmin with :** sudo ln -s /usr/share/phpmyadmin /var/www/**

*The default ( serverblock looks like this : *

server {
listen 80 defaultserver;
listen [::]:80 default
server ipv6only=on;

    root /var/www/;
    index index.php index.html index.htm;


    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules

    #error_page 404 /404.html;
    error_page 401 403 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
            root /usr/share/nginx/html;

 location /phpmyadmin {
        auth_basic "Admin Login";
        auth_basic_user_file /etc/nginx/pma_pass;

    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;


I have gone over this thing I don't know how many times. I've even tried it in the original Nginx webroot. I've tried truning of Fail2ban and putting all jails as FALSE and nothing seems to stop the 404 not found message. The only thing that works is taking out the location directive and thus the gateway authentication.

Well, that's about it ... I hope someone can help me with this ...
Thanks in advance ..

1 Answer

For anyone who has this problem after following the : tutorial, keep in mind the following.

The problem seems to be in the line : error_page 401 403 404 /404.html;

When I take away the 401 out of the line, then the basic auth works fine ...

Nginx is a very secure and reliable web server even with a default setup. However, there are many ways to secure Nginx further. In this article, we will use open source software exclusively while trying to follow some popular web server hardening approaches and security standards. Namely, we'll be talking about preventing information disclosure, enforcing encryption, performing audits, and limiting access.
Have another answer? Share your knowledge.