Hello,
I noticed strange behaviour of nginx, while using combination of tons of ifs, try_files and auth_basic.
Generally my configuration should work like this:
- serve all static files from specific root
- proxy all .php to @apache_backend
- proxy all 404 to @apache_backend
- use basic_auth IF file with passwrod exists, after successfull auth go back to normal procedures of serving/proxy files
my config looks like this (skipping not so here importand stuff)
1. check if file with password exists, if yes then set $Authrisation "yes", else "no"
2. for location /
{
if ($Authorisation = yes) return 401;
try_files $uri @apache_backend;
}
3. for *.php - same as for "/" location
4. error_page:
a) 404 should be proxed to backend: error_page 404 = @apache_backend;
b) 401 should be handled by @AuthLocation named location
5. named locations:
a) @AuthLocation - simple, auth_basic "secret zone"; auth_basic_user_file /path/to/existing/file/with/pass;
b) @apache_backend - simple proxy_pass http://apache:80;
And this is about its behaviour:
scenario 1: file with pass dont exists, so auth should be off:
- reuqest for static file: / location -> try_files -> $uri -> back to user
- request for non-exists file: / location -> try_files -> @proxy_to_backend (simple, all requests goes here to backend, so error_page 404 wont be used) -> back to user what apache(proxy) will return
- request for i_do_exists.php file: .php location -> try_files -> @proxy_to_backend -> back to user
scenario 2: file with auth EXISTS, and authorisation should be rised:
- request for static file: / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> show static file -> back to user
- request for .php file: super fu.ked up thing: / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> ... shows .php file as static file, dont triggers try_files and at the enddont proxy request to apache O_O
- request for file i_dont_exists.wtf (reminder: should be proxied to apache): / location -> pass file exists, $Authorisation = yes, so return 401 -> 401 goes to @AuthLocation -> Auth basic module fire up, log/pass windows shoes up -> if pass ok -> ... shows nginex 404 (but not that error_page 404 = @proxy_to_backend, just OLD, normal, default 404 from nginx)
what now? where is logic mistake? is there any? or nginx is lost in these requests/proxy/error swamp?
greetings, lookin forward for any help/tips