I got tasked with creating a phpipam server and adding htpasswd authentication to it, as a test of skill during my internship. Yes, I am aware that this solution doesn't make sense, since phpipam already has authentication built in; this is a proof of concept.

I'm using Nginx on Ubuntu Server 24.04 LTS. Just to clarify, saying this here is not a security risk; I'm doing this on an isolated local network.

Documentation used for phpipam: https://phpipam.net/documents/installation/

Documentation used for configuring htpasswd: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

I'm using htpasswd in the simplest way imaginable, by just adding:

    auth_basic "Administrator's Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

in the "server" scope of my nginx config file.

Users were created correctly; I even made one with no encryption at all, just to make sure that the password was as I intended it. When I try to log in, if I enter the wrong password, it just refreshes and lets me try again. When I enter the correct password, it puts me through to the stock "wrong credentials" screen, caches the credentials I entered, and won't let me try again until I clear my cache or open a private tab.

I would really appreciate it if you had any suggestions of what I could try here.

NasaBoi