How to disable nginx basic_auth for one location but enable it for the rest of the site
15,939
You can see in nginx auth basic docs that "auth_basic off;" is what you need. So I suspect that there's something else going on here. Show us how/that you're hitting the URL?
Perhaps you're hitting /api without the trailing slash? If you're still having problems, you could probably kludge around it with:
location /api/ {
satisfy any;
allow all;
auth_basic "dk";
auth_basic_user_file "/var/www/htpasswd";
}
It's the Wrong way to do it, but depending on the importance of doing the Right Thing in your environment, it might be expeditious (if you have location/inheritance specified correctly)
Related videos on Youtube
06 : 43
Location blocks | nginx
22 : 31
Securing Your Containerized Applications with NGINX
02 : 22
How to disable nginx basic_auth for one location but enable it for the rest of the site?
11 : 26
Basic Authentication with Nginx | Whitelisting | Username-password | Nginx Tutorial
02 : 05
DevOps & SysAdmins: How to disable Nginx logging for localhost or certain ip?
Author by
user219872
Updated on September 18, 2022Comments
-
user219872 almost 2 years
I'm trying to get basic_auth disabled for a specific directory (
/api/), but still have basic auth for the rest of the site I'm working with. The following is mynginx.conf:server { # base settings listen 80; server_name somesite-somewhere-anywhere.com; root /var/www/wordpress; index index.php index.html index.htm; if (!-e $request_filename) { rewrite ^(.+)$ /index.php?q=$1 last; } # setup logs access_log /var/log/nginx/somesite-somewhere-anywhere.com.access.log; error_log /var/log/nginx/somesite-somewhere-anywhere.com.error.log; # setup 404 error_page 404 /404.html; location /404.html { internal; } # map 403 to 404 error_page 403 = 404; # hide wordpress details location ~ /(\.|wp-config.php|readme.html|licence.txt) { return 404; } # add trailing slash to wp-admin requests rewrite /wp-admin$ $scheme://$host$uri/ permanent; # ignore robots in logging location = /robots.txt { allow all; log_not_found off; access_log off; } # ssl redirect # setup location location / { # setup basic auth auth_basic dk; auth_basic_user_file /var/www/htpasswd; # fastcgi setup location ~* (^(?!(?:(?!(php|inc)).)*/uploads/).*?(php)) { try_files $uri = 404; fastcgi_split_path_info ^(.+.php)(.*)$; fastcgi_pass unix:/var/run/php-fpm.socket; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } # prevent access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } } # allow access to api without auth location /api/ { auth_basic "off" ; } }-
user219872 about 10 yearsyep, I tried that thanks, it seems to be a problem with some of the wordpress specific settings, i'll edit my post to reflect my findings
-
-
dimitarvp almost 10 years+1 for the mention of the official docs. Helped me resolve my problem without much digging.
