Welcome! Log In Create A New Profile

Advanced

auth_basic, try_files and return problem

Posted by ver 
ver
auth_basic, try_files and return problem
June 28, 2012 06:22AM
Hello,

I noticed strange behaviour of nginx, while using combination of tons of ifs, try_files and auth_basic.

Generally my configuration should work like this:
- serve all static files from specific root
- proxy all .php to @apache_backend
- proxy all 404 to @apache_backend
- use basic_auth IF file with passwrod exists, after successfull auth go back to normal procedures of serving/proxy files

my config looks like this (skipping not so here importand stuff)

1. check if file with password exists, if yes then set $Authrisation "yes", else "no"

2. for location /
{
if ($Authorisation = yes) return 401;
try_files $uri @apache_backend;
}

3. for *.php - same as for "/" location

4. error_page:
a) 404 should be proxed to backend: error_page 404 = @apache_backend;
b) 401 should be handled by @AuthLocation named location

5. named locations:
a) @AuthLocation - simple, auth_basic "secret zone"; auth_basic_user_file /path/to/existing/file/with/pass;
b) @apache_backend - simple proxy_pass http://apache:80;


And this is about its behaviour:
scenario 1: file with pass dont exists, so auth should be off:
- reuqest for static file: / location -> try_files -> $uri -> back to user
- request for non-exists file: / location -> try_files -> @proxy_to_backend (simple, all requests goes here to backend, so error_page 404 wont be used) -> back to user what apache(proxy) will return
- request for i_do_exists.php file: .php location -> try_files -> @proxy_to_backend -> back to user

scenario 2: file with auth EXISTS, and authorisation should be rised:
- request for static file: / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> show static file -> back to user
- request for .php file: super fu.ked up thing: / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> ... shows .php file as static file, dont triggers try_files and at the enddont proxy request to apache O_O
- request for file i_dont_exists.wtf (reminder: should be proxied to apache): / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> ... shows nginex 404 (but not that error_page 404 = @proxy_to_backend, just OLD, normal, default 404 from nginx)

what now? where is logic mistake? is there any? or nginx is lost in these requests/proxy/error swamp?

greetings, lookin forward for any help/tips
ver
Re: auth_basic, try_files and return problem
June 28, 2012 06:54AM
ok, problem solved...

if authorisation is "on" and return 401 triggers, then nginx siply skips all the rest of config (in that location),
so to solve the problem @AuthLocation should have lines to handle the reques one more one (one more try_files etc). Same with .php location block.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 169
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready