+> I wonder whether this might be caused by the combination of the `httpauth` plugin
+> with the nginx web server. `httpauth` is known to work correctly with Apache,
+> but you might be the first to use it with nginx.
+>
+> Specifically, I wonder whether `$cgi->remote_user()` might be returning the
+> empty string. Looking at the code, we expect it to be either a non-empty
+> username, or `undef`.
+>
+> Please try installing this CGI script on your nginx server, making it
+> executable and accessing its URL without carrying out any special HTTP
+> authentication (you can delete the script immediately afterwards if
+> you want). If my theory is right, you will see a line `REMOTE_USER=` in
+> the output. Post the output somewhere, or mail it to `smcv` at
+> `debian.org` if you don't want to make it public.
+>
+> ```
+> #!/bin/sh
+> printf 'Content-type: text/plain\r\n\r\n'
+> env | LC_ALL=C sort
+> ```
+>
+> If you do not intend to use
+> [HTTP basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication),
+> please do not enable the `httpauth` plugin. That plugin is intended to be used
+> in conjunction with a web server configured to require HTTP basic authentication
+> with one of a limited set of authorized usernames.
+>
+> --[[smcv]]
+>
+>> If my theory is correct, ikiwiki git master now works around this, and the
+>> [[plugins/httpauth]] documentation now recommends a more correct configuration.
+>> --[[smcv]]
+