Home / server / Questions / 330580
In Process
Benjamin Wohlwend
Asked: 2011-11-14 12:07:38 +0800 CST

Enable basic auth sitewide and disabling it for subpages?

  • 772

I have a relatively straight forward config:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        proxy_pass http://appserver-1;
        proxy_redirect              off;
        proxy_set_header            Host $host;
        proxy_set_header            X-Real-IP $remote_addr;
        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;

    }

    location /api/ {
        auth_basic          off;
    }
}

The goal is to use basic auth on the whole website, except on the /api/ subtree. While it does work with respect to basic auth, other directives like proxy_pass are not in effect on /api/ as well.

Is it possible to just disable basic auth while retaining the other directives without copy&pasting everything?

nginx http-basic-authentication

4 Answers

  1. How about two files?

    includes/proxy.conf would be:

    proxy_pass http://appserver-1;
proxy_redirect              off;
proxy_set_header            Host $host;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

    And your current conf file:

    upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;
        include includes/proxy.conf;
    }

    location /api/ {
        auth_basic          off;
        include includes/proxy.conf;
    }
}
    • 43

  2. Config file

    In Nginx 1.4.4 you need quotes around off for the auth_basic setting.

    location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/passwd;
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
}

location /api {
    auth_basic "off";
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
}

    Creating your htpasswd/passwd file

    Install apache2-utils, there is a nice helper app that creates the htpasswd file for you very quickly. http://httpd.apache.org/docs/2.2/programs/htpasswd.html

    htpasswd -c -m <filename> <username>
    • 15

  3. Below config works for me for sharing a folder from my disk without any authentication for share folder and rest of the site required authentication

    server {
        listen       80;
        server_name  localhost;
        root C:\\Users\\Work\\XYZ\\;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        auth_basic "Administrator Login";
        auth_basic_user_file C:\\Users\\Work\\.htpasswd;

        location /share {
            auth_basic "off";
            allow all; # Allow all to see content 
            alias C:\\Users\\sg32884\\Work\\share\\;
        }
}
    • 5

  4. Nginx location

    This can be achieved with a sub location:

    upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        location /api/ {
            auth_basic          off;
            include includes/proxy.conf;
        }
        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;
        include includes/proxy.conf;
    }
}

    Note that proxy.conf contains the proxy conf

    • 2