Redirect with HTTPS with basic auth
December 27, 2016 06:02PM
I am having the problem described here: http://stackoverflow.com/questions/41229844/nginx-basic-auth-in-location-but-first-redirect-to-https

Is there any way to do this in nginx? It seems that basic auth always takes precedence, which makes some sense, but sometimes you want to prioritice some things over it, like a redirect to https. Is this possible? How could I do this?

Thank you and regards
Re: Redirect with HTTPS with basic auth
December 28, 2016 03:19AM
Make 2 server blocks, you can't do this with 1 block where http and https are combined.

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: Redirect with HTTPS with basic auth
December 28, 2016 05:45AM
Thank you for your answer. Well I know that is an option but I hate to have duplicated code everywhere, it is not very good for maintainance.

It would be great to have a feature to make a redirect "high-priority"



Edited 1 time(s). Last edit at 12/28/2016 05:46AM by diego_xa.
Re: Redirect with HTTPS with basic auth
December 28, 2016 07:08AM
You call this high-maintenance: ??

server {
listen 80;
server_name mydomain.com;
location / { rewrite ^ https://$http_host$request_uri? permanent; }
}

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: Redirect with HTTPS with basic auth
January 02, 2017 05:33AM
itpp2012 Wrote:
-------------------------------------------------------
> You call this high-maintenance: ??
>
> server {
> listen 80;
> server_name mydomain.com;
> location / { rewrite ^ https://$http_host$request_uri? permanent; }
> }


That is not what I have in my configurations. I have something like this:

server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;

server_name mydomain.com;

[...]
a bunch of locations
[...]

location ~* /auth_required {
if ($scheme = 'http') {
rewrite ^ https://$http_host$request_uri? permanent;
}

auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;

root /var/www/restricted/;
index index.php index.html index.htm;

# PHP processor
include /etc/nginx/php.conf;
}

[...]
a bunch of locations
[...]
}

So with the previous solution I would need to have something like this:

server {
listen 80;
server_name mydomain.com;

[...]
a bunch of locations
[...]

location ~* /auth_required {
rewrite ^ https://$http_host$request_uri? permanent;
}

[...]
a bunch of locations
[...]
}

server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;

server_name mydomain.com;

[...]
a bunch of locations equal to the one in port 80
[...]

location ~* /auth_required {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;

root /var/www/restricted/;
index index.php index.html index.htm;

# PHP processor
include /etc/nginx/php.conf;
}

[...]
a bunch of locations equal to the one in port 80
[...]
}

So yes, it is not the best way to do it. I already have a lot of includes for different pourposes and several servers for redirects (from non-www to www) so yes, this complicates the things more quite a bit. If you want to make a change, you will have to do it in both the ssl and non-ssl version as they are suposed to be exactly the same except for this authenticated section which forces you to split the configuration.

It is a shame nginx does not have a solution for this kind of situation. It would be great to have an option for a "high priority" rewrite or an option to use a location only in one port when several ports are defined in the server.



Edited 1 time(s). Last edit at 01/02/2017 05:34AM by diego_xa.
Re: Redirect with HTTPS with basic auth
January 02, 2017 06:45AM
You could try something like:

server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
if ($scheme = 'http') { rewrite ^ https://$http_host$request_uri? permanent; }
location / { bla.....; }
}

ea. keep the 'if' outside the location blocks.

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: Redirect with HTTPS with basic auth
January 02, 2017 12:23PM
but if you do that then you get redirected to https for all locations which is not what I want and if I wanted it I would do it without an if:

server {
listen 80;
server_name mydomain.com;
rewrite ^ https://$http_host$request_uri? permanent;
}

I only want all locations available through both http and https but a single location that has authentication where I want to force https. It seems that this is not possible with current nginx configuration options as the basic auth always takes precedence.
Re: Redirect with HTTPS with basic auth
January 02, 2017 01:56PM
The only other way is to use a parser which reads in your combined config and splits it out into http/https blocks.
ea. http://stackoverflow.com/questions/15277453/any-good-way-to-programmatically-change-nginx-config-file-from-python

---
nginx for Windows http://nginx-win.ecsds.eu/
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 145
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready