Redirect with HTTPS with basic auth
Posted by diego_xa
|
Redirect with HTTPS with basic auth December 27, 2016 06:02PM |
Registered: 11 years ago Posts: 6 |
I am having the problem described here: http://stackoverflow.com/questions/41229844/nginx-basic-auth-in-location-but-first-redirect-to-https
Is there any way to do this in nginx? It seems that basic auth always takes precedence, which makes some sense, but sometimes you want to prioritice some things over it, like a redirect to https. Is this possible? How could I do this?
Thank you and regards
Is there any way to do this in nginx? It seems that basic auth always takes precedence, which makes some sense, but sometimes you want to prioritice some things over it, like a redirect to https. Is this possible? How could I do this?
Thank you and regards
|
Re: Redirect with HTTPS with basic auth December 28, 2016 03:19AM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Redirect with HTTPS with basic auth December 28, 2016 05:45AM |
Registered: 11 years ago Posts: 6 |
|
Re: Redirect with HTTPS with basic auth December 28, 2016 07:08AM |
Admin Registered: 11 years ago Posts: 1,297 |
|
Re: Redirect with HTTPS with basic auth January 02, 2017 05:33AM |
Registered: 11 years ago Posts: 6 |
itpp2012 Wrote:
-------------------------------------------------------
> You call this high-maintenance: ??
>
> server {
> listen 80;
> server_name mydomain.com;
> location / { rewrite ^ https://$http_host$request_uri? permanent; }
> }
That is not what I have in my configurations. I have something like this:
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
if ($scheme = 'http') {
rewrite ^ https://$http_host$request_uri? permanent;
}
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations
[...]
}
So with the previous solution I would need to have something like this:
server {
listen 80;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
rewrite ^ https://$http_host$request_uri? permanent;
}
[...]
a bunch of locations
[...]
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations equal to the one in port 80
[...]
location ~* /auth_required {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations equal to the one in port 80
[...]
}
So yes, it is not the best way to do it. I already have a lot of includes for different pourposes and several servers for redirects (from non-www to www) so yes, this complicates the things more quite a bit. If you want to make a change, you will have to do it in both the ssl and non-ssl version as they are suposed to be exactly the same except for this authenticated section which forces you to split the configuration.
It is a shame nginx does not have a solution for this kind of situation. It would be great to have an option for a "high priority" rewrite or an option to use a location only in one port when several ports are defined in the server.
Edited 1 time(s). Last edit at 01/02/2017 05:34AM by diego_xa.
-------------------------------------------------------
> You call this high-maintenance: ??
>
> server {
> listen 80;
> server_name mydomain.com;
> location / { rewrite ^ https://$http_host$request_uri? permanent; }
> }
That is not what I have in my configurations. I have something like this:
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
if ($scheme = 'http') {
rewrite ^ https://$http_host$request_uri? permanent;
}
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations
[...]
}
So with the previous solution I would need to have something like this:
server {
listen 80;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
rewrite ^ https://$http_host$request_uri? permanent;
}
[...]
a bunch of locations
[...]
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations equal to the one in port 80
[...]
location ~* /auth_required {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations equal to the one in port 80
[...]
}
So yes, it is not the best way to do it. I already have a lot of includes for different pourposes and several servers for redirects (from non-www to www) so yes, this complicates the things more quite a bit. If you want to make a change, you will have to do it in both the ssl and non-ssl version as they are suposed to be exactly the same except for this authenticated section which forces you to split the configuration.
It is a shame nginx does not have a solution for this kind of situation. It would be great to have an option for a "high priority" rewrite or an option to use a location only in one port when several ports are defined in the server.
Edited 1 time(s). Last edit at 01/02/2017 05:34AM by diego_xa.
|
Re: Redirect with HTTPS with basic auth January 02, 2017 06:45AM |
Admin Registered: 11 years ago Posts: 1,297 |
You could try something like:
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
if ($scheme = 'http') { rewrite ^ https://$http_host$request_uri? permanent; }
location / { bla.....; }
}
ea. keep the 'if' outside the location blocks.
---
nginx for Windows http://nginx-win.ecsds.eu/
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
if ($scheme = 'http') { rewrite ^ https://$http_host$request_uri? permanent; }
location / { bla.....; }
}
ea. keep the 'if' outside the location blocks.
---
nginx for Windows http://nginx-win.ecsds.eu/
|
Re: Redirect with HTTPS with basic auth January 02, 2017 12:23PM |
Registered: 11 years ago Posts: 6 |
but if you do that then you get redirected to https for all locations which is not what I want and if I wanted it I would do it without an if:
server {
listen 80;
server_name mydomain.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
I only want all locations available through both http and https but a single location that has authentication where I want to force https. It seems that this is not possible with current nginx configuration options as the basic auth always takes precedence.
server {
listen 80;
server_name mydomain.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
I only want all locations available through both http and https but a single location that has authentication where I want to force https. It seems that this is not possible with current nginx configuration options as the basic auth always takes precedence.
|
Re: Redirect with HTTPS with basic auth January 02, 2017 01:56PM |
Admin Registered: 11 years ago Posts: 1,297 |
Sorry, only registered users may post in this forum.
Online Users
Guests:
229
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|