I've tried hard to understand NginX's logic in location order processing but it still is beyond me, and I suspect that's why I am getting the following issue.
I run a SugarCRM instance, which I have blocked off with basic auth. There are a few files such as ical_server.php which I want to turn off basic auth for, so the smartphones can easily reach this subscribed calendar which has its own token based security already.
I have this in my conf. But the ical_server.php is being downloaded as raw php, which suggests it's not reaching the fastcgi parser, even though the rest of the CRM works just fine.
location /sugarcrm/ {
auth_basic "Username and Password are required";
auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
location ~ _server.php$ {
auth_basic "off";
}
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_max_temp_file_size 0;
fastcgi_buffer_size 56k;
fastcgi_buffers 16 48k;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
How can I achieve this selective switching off of auth basic?
As I cannot reward Alexey Ten with the correct answer through his comment, here is the working config:
Because, as Alexey points out, the fastcgi doesn't get inherited, I have to put it in the _server.php$ location again. Through an include, it tidies things up nicely too. Now the php gets parsed nicely.
(The fact auth_basic is off on that file entirely is actually not intended, but that's being covered in another question. Just mentioning it in case someone finds this...)
Thanks again Alexey.