Welcome! Log In Create A New Profile

Advanced

location /subdir with auth_basic and PHP FastCGI

Posted by halx 
location /subdir with auth_basic and PHP FastCGI
May 23, 2009 06:15AM
Hi!

I'm a newcomer to nginx from Apache and Lighttpd. I switched two weeks ago on one of our production server and everything seemd to be more than good. But now I have to face a problem I couldn't solve.

I had to setup a subdirectory of the site to be password protected while keep all the behaviours defined by location blocks.
These are:
- pass all PHP to FastCGI UDS
- deny access to special files like *.inc *.log and so on
- turn off autoindex
- set expires on some static files
I have all these setup for the "server" section with location blocks and works well, but when I make a "location" block to protect the given subdirectory, nginx seems to forget all the "outer" config (for e.g.: PHP fastcgi doesn't work).

I found out that one solution can be if I copy the FastCGI location block into the "auth_basic" location block but that code duplication is "not seems to be too nice to me".

Can I somehow password protect a subdir branch while keeping all the other config working. I mean if the given subdir location matches nginx enforces WWW-Auth but after that everything works as before.

It would be a very big help for me.
Thanx: Sandor
(sorry for my english)
Re: location /subdir with auth_basic and PHP FastCGI
May 23, 2009 10:42AM
Without seeing your settings it's hard to answer your question, but if it looks something like this:

[code]
server {
...

location ~ \.php$ {
fastcgi_pass ...
...
}

location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;
}

}
[/code]


Then the fastcgi_pass will not be inherited. It needs to be respecified in your config. One way is:

[code]
server {
...

location ~ \.php$ {
fastcgi_pass ...
...
}

location ^~ /protected_directory/ {
auth_basic ... ;
auth_basic_user_file /path/to/passwd/file;

location ~ \.php$ {
fastcgi_pass ...
...
}

}

}
[/code]

See http://forum.nginx.org/read.php?2,2304 for a more thorough discussion of this.

--
Jim Ohlstein



Edited 1 time(s). Last edit at 05/23/2009 10:43AM by Jim Ohlstein.
Re: location /subdir with auth_basic and PHP FastCGI
May 23, 2009 11:36AM
Thank you very much!

I read the referenced thread and the possible solutions are not good enough for me.

First I thought to switch back to Lighttpd because this is a very simple thing to solve with it. Than I changed my mind and solved the problem the next way:

1, I denied the protected subdir /stat/ with:
[code]
location ^~ /stat/ {
deny all;
}
[/code]
2, Setup subdomain stat.<domainname>

3, Put the virtual host into nginx.conf with the next:
[code]
satisfy any;
allow <ipaddr>/32;
deny all;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd_stat;
[/code]

This way some code is duplicated because of the new virtual host but the config doesn't look like haystack with recursive location blocks.

If anybody knows a better and simple way, I would by very happy with it!

Thanx:
Sandor
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 94
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready