Forum: NGINX Using Nginx auth in PHP scripts

Hello,

The only information I got on the Web was to protect folders with Nginx
auth, just like the plein old Apache's .htaccess.

I am already using AuthPlain to secure a folder with Nginx, using PHP
scripts inside.
I wonder if it was possible to use Nginx auth information inside those 
PHP
scripts.

More precisely, I would have a directory protected with AuthPlain and I
would have a script (let's call it index.php) being called when the
authentication is successful.
The AuthPlain has several users registered and I would like to know if
index.php might be aware who logged in to welcom him with his/her 
username.

Am I dreaming too much ?
---
*B. R.*

You can pass environment vars to PHP no problem...

Eg: if you set up geoip in nginx.conf

geoip_country    /usr/share/GeoIP/GeoIP.dat;

this makes $geoip_country_code available to your nginx config.

If you then set
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;

then

$_SERVER['GEOIP_COUNTRY_CODE'] is then available to php.

This can be done for any variable set within nginx.

hth,

Stve

Thanks, I learned something there.

But does the auth_basic
module<http://nginx.org/en/docs/http/ngx_http_auth_basic_...
you to load the username in a Nginx variable?
From what I understand everything is processed internally.

---
*B. R.*

On Tue, Feb 26, 2013 at 04:23:14PM -0500, B.R. wrote:

Hi there,

> But does the auth_basic
> module<http://nginx.org/en/docs/http/ngx_http_auth_basic_...
> you to load the username in a Nginx variable?
> From what I understand everything is processed internally.

http://nginx.org/en/docs/http/ngx_http_core_module...

$remote_user is what you want as the nginx variable, if you are using
http basic authentication.

  f
--
Francis Daly        francis@daoine.org

It's my understanding the $remote_user is available.

Sorry, a poor example. Could have used one that answers your question
directly...

Steve

Thanks to both of you, I got the info I was seeking for.

However, when I try to activate the fastcgi_param, the content doesn't 
seem
to reach PHP anymore.
No error logged neither in Nginx nor PHP it seems.
I feel like I am a noob... oO

server {
        listen          80;
        server_name     ~ab.cd$;
        root            /var/web/$host;
        index           index.html index.php;
        try_files       $uri    $uri/   =404;
        access_log      /var/log/nginx/ab.cd/access.log main;
        error_log       /var/log/nginx/ab.cd/error.log warn;
        include         conf.d/includes/fastcgi.conf;
        auth_basic              "Get out!";
        auth_basic_user_file    /var/web/ab.cd.htpasswd;

        location ~ \.php$ {
                fastcgi_pass    unix:/var/run/php-fpm.sock;

                #If the following is activated, no more PHP output...
Something is wrong
#                fastcgi_param   MY_GREAT_USER      $remote_user;
        }
}

---
*B. R.*

On Tue, Feb 26, 2013 at 05:26:49PM -0500, B.R. wrote:

> I feel like I am a noob... oO

The problem is due to how nginx directives are inherited to different
levels. It's consistent within nginx, so once you learn it you can apply
it to all directives which inherit.

Just put your new fastcgi_param directive at the same level as the 
others
(which are in the "include" file).

So, either:

>         include         conf.d/includes/fastcgi.conf;

put "fastcgi_param" here, or

> #                fastcgi_param   MY_GREAT_USER      $remote_user;

put "include" here.

  f
--
Francis Daly        francis@daoine.org

Thanks for your great help!

Now I think I got it all.
Well it was non-sense to put fastcgi out of the PHP location anyway... 
but
I didn't know about the environment problem.
I'll try to think about that next time something I play with Nginx
configuration.

Everything is OK now.

---
*B. R.*