Login/Register
Exclude one directory from Nginx password authentication
Asked Answered
Solved ubuntunginxdebian-based
S

2

7

I have setup my Nginx server to have authentication for everything, but I want to exclude all the files under /var/www/html/t/sms/plivo for password authentication. I have tried using different paths but it always asks for a password when I try to access a file under /var/www/html/t/sms/plivo from my browser.

Below is my /etc/nginx/sites-available/default file

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        auth_basic "Private Property";
        auth_basic_user_file /etc/nginx/.htpasswd;

        #no password for the plivo folder so we can recieve messages!
        location = /t/sms/plivo/ {
                auth_basic off;
                allow all; # Allow all to see content
        }

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}
Sap answered 15/6, 2017 at 20:38 Comment(0)
L
6

The location = syntax matches one URI and not all of the URIs under it. Also, you should use the ^~ modifier to prevent the regular expression location blocks from interfering. See this document for the rules regarding the evaluation order for location blocks.

If you have any PHP files under /t/sms/plivo/ you will need to add a nested location block to handle those.

For example:

location ^~ /t/sms/plivo/ {
    auth_basic off;
    allow all; # Allow all to see content

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}

That location ~ \.php$ block is in addition to the block already in your configuration with the same name. And, you probably do not need the allow all statement, unless you have some deny rules that I cannot see.

Legitimist answered 15/6, 2017 at 21:9 Comment(0)
J
1

hope it will help anyone - we have to skip auth for ALL uri's under the url, so

location ^~ /some/location/to_skip/ {
  auth_basic off;
  try_files $uri $uri/ /index.html;
}
Jed answered 16/10, 2020 at 15:20 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.