Wordpress permalinks unauthorized error in nginx

So i’m trying to run wordpress on LEMP. I did fix the permalinks by adding this

location / {
        try_files $uri $uri/ /index.php?$args;
}

But now i’m greeted with unauthorized error. More specifically -

A password is required to access this web server. Please try again. 

My virtual server’s config file

server {
    server_name test.com www.test.com;
    listen x.x.x.x;
    listen 80;
    #return 301 https://$host$request_uri;

}


server {
    server_name test.com www.test.com;
    listen x.x.x.x;
    root /home/test/public_html;
    index index.php;

    access_log /var/log/virtualmin/test.com_access_log;
    error_log /var/log/virtualmin/test.com_error_log;
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SCRIPT_FILENAME /home/test/public_html$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT /home/test/public_html;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param HTTPS $https;

    access_log /var/log/nginx/test.com.access.log;
    error_log /var/log/nginx/test.com.error.log;




    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~ /\. {
        deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }


    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/php-nginx/156327396130368.sock/socket;
    }

    location / {

        auth_basic off;
        try_files $uri $uri/ /index.php?$args;

    }


    listen x.x.x.x:443 ssl;
    ssl_certificate /home/test/ssl.cert;
    ssl_certificate_key /home/test/ssl.key;
    fastcgi_read_timeout 60;
}

PS :- i’m using virtual min’s preview site feature

I tried adding auth_basic off to default as well as per site config. It just wouldn’t work

The “unauthorized” error suggests that NGINX is enforcing basic authentication on your site, possibly due to a setting in your configuration. Here are some steps and adjustments to troubleshoot and resolve this issue:

1. Remove Basic Auth if Not Needed

If you’re certain you don’t need basic authentication on your site, you can try explicitly disabling it in the server block and location blocks, as you’ve already attempted. Double-check to ensure that no other configuration files are re-enabling it. Here’s how:

server {
    listen x.x.x.x;
    server_name test.com www.test.com;
    root /home/test/public_html;
    index index.php;

    # Disable auth_basic for the entire server block
    auth_basic off;

    # Other configuration settings
    ...
    
    location / {
        auth_basic off;  # Ensure auth is off for the main site
        try_files $uri $uri/ /index.php?$args;
    }
}

2. Verify No .htpasswd Files are in Your Directories

Sometimes, if there’s an .htpasswd file in the WordPress root or other directories, it can lead to unintended authentication prompts. To confirm, list all hidden files in your document root and remove any .htpasswd files if they exist:

ls -la /home/test/public_html

If you find a .htpasswd file, either delete it or move it temporarily.

3. Confirm NGINX Settings in Virtualmin

Since you’re using Virtualmin, it may automatically generate additional NGINX configurations. Check Virtualmin’s settings for the virtual host to ensure that basic authentication is not being added there. Go to:

  1. Virtualmin > Services > Configure Website > Edit Directives
  2. Check for any lines that contain auth_basic and remove them if you find any.

4. Adjust NGINX Configuration

Make sure your location ~ \.php$ block is correctly pointing to your PHP-FPM socket or port. Also, to handle basic authentication settings consistently, ensure there’s no conflicting auth_basic directive elsewhere in your NGINX config or in /etc/nginx/nginx.conf.

5. Restart NGINX and PHP-FPM

After making the above changes, restart NGINX and PHP-FPM to apply your updates:

sudo systemctl restart nginx
sudo systemctl restart php-fpm

6. Preview Site Configuration in Virtualmin

The “Preview Website” feature in Virtualmin may enforce basic authentication or redirection to avoid conflicts on shared IPs. Instead of using Preview, try directly accessing the site through its domain name after DNS propagation to rule out configuration issues related to Virtualmin’s preview system.

If the issue persists, please confirm any additional authentication settings in Virtualmin or share any logs from /var/log/nginx/test.com.error.log for more details.