location /subdir with auth_basic and PHP FastCGI
Posted by halx
|
location /subdir with auth_basic and PHP FastCGI May 23, 2009 06:15AM |
Registered: 14 years ago Posts: 2 |
Hi!
I'm a newcomer to nginx from Apache and Lighttpd. I switched two weeks ago on one of our production server and everything seemd to be more than good. But now I have to face a problem I couldn't solve.
I had to setup a subdirectory of the site to be password protected while keep all the behaviours defined by location blocks.
These are:
- pass all PHP to FastCGI UDS
- deny access to special files like *.inc *.log and so on
- turn off autoindex
- set expires on some static files
I have all these setup for the "server" section with location blocks and works well, but when I make a "location" block to protect the given subdirectory, nginx seems to forget all the "outer" config (for e.g.: PHP fastcgi doesn't work).
I found out that one solution can be if I copy the FastCGI location block into the "auth_basic" location block but that code duplication is "not seems to be too nice to me".
Can I somehow password protect a subdir branch while keeping all the other config working. I mean if the given subdir location matches nginx enforces WWW-Auth but after that everything works as before.
It would be a very big help for me.
Thanx: Sandor
(sorry for my english)
I'm a newcomer to nginx from Apache and Lighttpd. I switched two weeks ago on one of our production server and everything seemd to be more than good. But now I have to face a problem I couldn't solve.
I had to setup a subdirectory of the site to be password protected while keep all the behaviours defined by location blocks.
These are:
- pass all PHP to FastCGI UDS
- deny access to special files like *.inc *.log and so on
- turn off autoindex
- set expires on some static files
I have all these setup for the "server" section with location blocks and works well, but when I make a "location" block to protect the given subdirectory, nginx seems to forget all the "outer" config (for e.g.: PHP fastcgi doesn't work).
I found out that one solution can be if I copy the FastCGI location block into the "auth_basic" location block but that code duplication is "not seems to be too nice to me".
Can I somehow password protect a subdir branch while keeping all the other config working. I mean if the given subdir location matches nginx enforces WWW-Auth but after that everything works as before.
It would be a very big help for me.
Thanx: Sandor
(sorry for my english)
|
Re: location /subdir with auth_basic and PHP FastCGI May 23, 2009 10:42AM |
Admin Registered: 15 years ago Posts: 574 |
Without seeing your settings it's hard to answer your question, but if it looks something like this:
[code]
server {
...
location ~ \.php$ {
fastcgi_pass ...
...
}
location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;
}
}
[/code]
Then the fastcgi_pass will not be inherited. It needs to be respecified in your config. One way is:
[code]
server {
...
location ~ \.php$ {
fastcgi_pass ...
...
}
location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;
location ~ \.php$ {
fastcgi_pass ...
...
}
}
}
[/code]
See http://forum.nginx.org/read.php?2,2304 for a more thorough discussion of this.
--
Jim Ohlstein
Edited 1 time(s). Last edit at 05/23/2009 10:43AM by Jim Ohlstein.
[code]
server {
...
location ~ \.php$ {
fastcgi_pass ...
...
}
location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;
}
}
[/code]
Then the fastcgi_pass will not be inherited. It needs to be respecified in your config. One way is:
[code]
server {
...
location ~ \.php$ {
fastcgi_pass ...
...
}
location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;
location ~ \.php$ {
fastcgi_pass ...
...
}
}
}
[/code]
See http://forum.nginx.org/read.php?2,2304 for a more thorough discussion of this.
--
Jim Ohlstein
Edited 1 time(s). Last edit at 05/23/2009 10:43AM by Jim Ohlstein.
|
Re: location /subdir with auth_basic and PHP FastCGI May 23, 2009 11:36AM |
Registered: 14 years ago Posts: 2 |
Thank you very much!
I read the referenced thread and the possible solutions are not good enough for me.
First I thought to switch back to Lighttpd because this is a very simple thing to solve with it. Than I changed my mind and solved the problem the next way:
1, I denied the protected subdir /stat/ with:
[code]
location ^~ /stat/ {
deny all;
}
[/code]
2, Setup subdomain stat.<domainname>
3, Put the virtual host into nginx.conf with the next:
[code]
satisfy any;
allow <ipaddr>/32;
deny all;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd_stat;
[/code]
This way some code is duplicated because of the new virtual host but the config doesn't look like haystack with recursive location blocks.
If anybody knows a better and simple way, I would by very happy with it!
Thanx:
Sandor
I read the referenced thread and the possible solutions are not good enough for me.
First I thought to switch back to Lighttpd because this is a very simple thing to solve with it. Than I changed my mind and solved the problem the next way:
1, I denied the protected subdir /stat/ with:
[code]
location ^~ /stat/ {
deny all;
}
[/code]
2, Setup subdomain stat.<domainname>
3, Put the virtual host into nginx.conf with the next:
[code]
satisfy any;
allow <ipaddr>/32;
deny all;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd_stat;
[/code]
This way some code is duplicated because of the new virtual host but the config doesn't look like haystack with recursive location blocks.
If anybody knows a better and simple way, I would by very happy with it!
Thanx:
Sandor
Sorry, only registered users may post in this forum.
Online Users
Guests:
268
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|