Enable basic auth sitewide and disabling it for subpages?
Solution 1
How about two files?
includes/proxy.conf would be:
proxy_pass http://appserver-1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
And your current conf file:
upstream appserver-1 {
server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com;
location / {
auth_basic "Restricted";
auth_basic_user_file /path/to/htpasswd;
include includes/proxy.conf;
}
location /api/ {
auth_basic off;
include includes/proxy.conf;
}
}
Solution 2
Config file
In Nginx 1.4.4 you need quotes around off
for the auth_basic
setting.
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/passwd;
include /etc/nginx/uwsgi_params;
uwsgi_pass unix:/tmp/app.sock;
}
location /api {
auth_basic "off";
include /etc/nginx/uwsgi_params;
uwsgi_pass unix:/tmp/app.sock;
}
Creating your htpasswd/passwd file
Install apache2-utils
, there is a nice helper app that creates the htpasswd file for you very quickly. http://httpd.apache.org/docs/2.2/programs/htpasswd.html
htpasswd -c -m <filename> <username>
Solution 3
Below config works for me for sharing a folder from my disk without any authentication for share folder and rest of the site required authentication
server {
listen 80;
server_name localhost;
root C:\\Users\\Work\\XYZ\\;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
auth_basic "Administrator Login";
auth_basic_user_file C:\\Users\\Work\\.htpasswd;
location /share {
auth_basic "off";
allow all; # Allow all to see content
alias C:\\Users\\sg32884\\Work\\share\\;
}
}
Solution 4
Nginx location
This can be achieved with a sub location:
upstream appserver-1 {
server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com;
location / {
location /api/ {
auth_basic off;
include includes/proxy.conf;
}
auth_basic "Restricted";
auth_basic_user_file /path/to/htpasswd;
include includes/proxy.conf;
}
}
Note that proxy.conf
contains the proxy conf
Related videos on Youtube
Benjamin Wohlwend
Updated on September 18, 2022Comments
-
Benjamin Wohlwend almost 2 years
I have a relatively straight forward config:
upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { proxy_pass http://appserver-1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; auth_basic "Restricted"; auth_basic_user_file /path/to/htpasswd; } location /api/ { auth_basic off; } }
The goal is to use basic auth on the whole website, except on the
/api/
subtree. While it does work with respect to basic auth, other directives likeproxy_pass
are not in effect on/api/
as well.Is it possible to just disable basic auth while retaining the other directives without copy&pasting everything?
-
PJ Brunet over 4 yearsI would like to know if there's an "official" way to do this for
certbot renew
-- I tried a few examples but ultimately had to comment out my "auth_basic" config to get certbot working, in other words my config will break in 90 days. In any case, I think Nginx should add some extra option likeauth_basic_certbot "allow";
where "allow" is the default. That would make this a no-brainer.
-
-
mehov over 7 yearsThis does exclude a specific location and prompt for a password for the rest of the site. However, if I click cancel, instead of the 401 error page, it shows me the actual page I requested, but without any static files.
-
Adrian Leonhard about 2 yearsAdditional info: the reason the config in the question doesn't work is that "If there are several matching location blocks nginx selects the one with the longest prefix." cf nginx.org/en/docs/beginners_guide.html