Forum: NGINX howto create conditional basic authentication

howto create conditional basic authentication
Posted by Paul Swielingen (pvsw01)
on 2010-02-05 23:23 
Hi all,

I have an operational NGINX server with e few dozen location {}
definitions

When a connection is made from an internal network towards the server
the client browser gets all the pages. Now I like to add external
access, but I need to require basic authentication. Can this be done
without duplication of these few dozen location {} definitions or ???

Hope anybody can help me out.
Edit | Move | Delete topic | Reply with quote
Re: howto create conditional basic authentication
Posted by Maxim Dounin (Guest)
on 2010-02-05 23:57
(Received via mailing list) 
Hello!

On Fri, Feb 05, 2010 at 11:23:47PM +0100, Paul Swielingen wrote:

> I have an operational NGINX server with e few dozen location {}
> definitions
> 
> When a connection is made from an internal network towards the server
> the client browser gets all the pages. Now I like to add external
> access, but I need to require basic authentication. Can this be done
> without duplication of these few dozen location {} definitions or ???

Try this at server level:

    satisfy any;

    # allow internal networks
    allow 10.0.0.0/8;
    deny all;

    # allow authenticated users
    auth_basic ...
    auth_basic_user_files ...

Wiki has no up-to-date information about satisfy directive
(0.6.25+), but it's basically the same as deprecated satisfy_any
as described here:

http://wiki.nginx.org/NginxHttpCoreModule#satisfy_any

Original documentation (in Russian) is here:

http://sysoev.ru/nginx/docs/http/ngx_http_core_module.html#satisfy

To Igor: docs lists only "location" context for satisfy directive,
while it's allowed at http and server level.  Could you please fix
it?

Maxim Dounin
Edit | Delete | Reply with quote
Re: howto create conditional basic authentication
Posted by Ryan Malayter (Guest)
on 2010-02-05 23:59
(Received via mailing list) 
On Fri, Feb 5, 2010 at 4:23 PM, Paul Swielingen <lists@ruby-forum.com> 
wrote:
> Hi all,
>
> I have an operational NGINX server with e few dozen location {}
> definitions
>
> When a connection is made from an internal network towards the server
> the client browser gets all the pages. Now I like to add external
> access, but I need to require basic authentication. Can this be done
> without duplication of these few dozen location {} definitions or ???
>

I think creative use of the "include" directive can eliminate the
duplication for you. Keep the config for locations in separate files,
and then include them as appropriate. You can also have an include for
authentication.
http://wiki.nginx.org/NginxHttpMainModule#include

--
RPM
Edit | Delete | Reply with quote
Enable email notification | Enable multi-page view
Please log in before posting. Registration is free and takes only a minute.
Existing account (Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
No account? Register here.
Powered by RForum and Captchator. Contact information - E-Mail: webmaster (at) ruby-forum (dot) com.