Basic-authentication and php?


#1

Hi all,
I’m trying to set up basic authentication to protect an area of the
website served by php.

The critical bits of my server directive are.

server (
listen 80;
server_name site.com www.site.com;
root /var/www/site.com/htdocs;
index index.php index.html index.htm;
access_log /var/www/site.com/access.log;

location ~ .php {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}

location ^~ /usage/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
}

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
}
}

The directory /usage/ does NOT contain any php files and works just
fine.

The directory /ppg/ contains index.php - which is sent to the browser,
not to fastcgi :frowning:

So how can I configure it. (If basic-auth cannot work, it would be ok
to use
allow and deny all.)

I’m using nginx 0.6.35

Thanks

Ian


#2

Ian H. wrote:

index index.php index.html index.htm;
}

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
}
I would try

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}


#3

Jim O. wrote:

listen 80;
location ^~ /usage/ {
location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}

Hi Jim,

I tried that, and got no style sheet, so I presumed that static files
were not being served. However, you are right. It works.

However, the error long in FireFox is telling me…

Error: The stylesheet http://www.site.com/ppg/css/style.css was not
loaded because its MIME type, “text/html”, is not “text/css”.
Source File: http://www.site.com/ppg/
Line: 0

I’ve checked /etc/nginx/mine-types, and it claims type text/css for css
files, and the default-type is application/octet-stream.

So now I’m really confused.

Ian

p.s IE 6.0 is not so fussy. It simply leaves out some of the images :frowning:


#4

On Fri, May 22, 2009 at 04:56:28PM +0100, Ian H. wrote:

index index.php index.html index.htm;
}
not to fastcgi :frowning:

So how can I configure it. (If basic-auth cannot work, it would be ok
to use
allow and deny all.)

I’m using nginx 0.6.35

The “/ppg/” request invokes an internel redirect to “/ppg/index.php”,
which is handled in “location ^~ /ppg/”, because regex testing is
disabled
by “^~”. You should either remove “^~”:

  • location ^~ /ppg/ {
  • location /ppg/ {

or add additional

location = /ppg/index.php {
   include /etc/nginx/fastcgi_params;
   fastcgi_pass 127.0.0.1:9000;
   auth_basic "Hello, Please login";
   auth_basic_user_file /var/www/site.com/passwords;
}

#5

location /foo {
auth_basic …
auth_bsic_user_file …
location ~ .php {
}
}

is how i’ve done it. you have to nest the php again inside of it, but
otherwise treat it no differently.

igor - you should make some sort of syntax for a globally effective
location or something - one that takes effect always within a server
block, at the end.

this would help for parsing PHP always if there is a .php file,
always include the expires headers, etc. right now, i’ve had to wind
up nesting those type of things inside of blocks where auth is
required for example (like above) - that would make location blocks to
me a lot easier to deal with.

essentially it would deal with all the location blocks and then apply
these “global” ones -after- it’s done with the others…


#6

Ian H. wrote:

server (

were not being served. However, you are right. It works.

So now I’m really confused.

Ian

p.s IE 6.0 is not so fussy. It simply leaves out some of the images :frowning:

I don’t know if you can nest a location block within a location block.
The Wiki would suggest not but I’ve never tested it. However, it would
be useful in this case if you could use:

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;
location ~ .\php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}

That way only your php scripts would be passed to php and others served
directly by nginx.

Igor, is that possible?

Jim


#7

On Fri, May 22, 2009 at 10:31 AM, Jim O. removed_email_address@domain.invalid
wrote:

directly by nginx.

Igor, is that possible?

not only is it possible, i’ve been doing it that way for a long time.

in fact, i think igor is the one who originally gave me the example.


#8

Igor S. wrote:

I’m trying to set up basic authentication to protect an area of the

location ^~ /ppg/ {
fastcgi_pass 127.0.0.1:9000;
Error: The stylesheet http://www.site.com/ppg/css/style.css was not

   location ~ .\php$  {
       include /etc/nginx/fastcgi_params;
       fastcgi_pass 127.0.0.1:9000;
   }

}

typo - location ~ .\php$ {
+ location ~ .php$ {

Thanks Igor.

Jim


#9

Michael S. wrote:

}

The Wiki currently lists the “context” for “location” as “server” only
which was why I was unsure.

http://wiki.nginx.org/NginxHttpCoreModule#location

Jim


#10

On Fri, May 22, 2009 at 01:31:13PM -0400, Jim O. wrote:

include /etc/nginx/fastcgi_params;
auth_basic_user_file /var/www/site.com/passwords;

Hi Jim,

The Wiki would suggest not but I’ve never tested it. However, it would

That way only your php scripts would be passed to php and others served
directly by nginx.

Igor, is that possible?

Yes, it’s possible, however, I do not advertise this since nested
locations
have some bugs in inheritance. But in this case it will work.


#11

Igor, Jim, Michael

Many thanks to all your help.

That aspect of the site is working properly now in both IE and FireFox.

Tomorrow I will try to get my head round the nginx version of

RewriteRule ^/ppg/(email|print)/(quote|ack|amend)(\d+).pdf$
/ppg/index.php?view=$2&act=$1&id=$3

For now, its been a long day and I’m bushed.

Good night. And thanks again.

Ian


#12

On Fri, May 22, 2009 at 10:52:19PM +0100, Ian H. wrote:

Igor, Jim, Michael

Many thanks to all your help.

That aspect of the site is working properly now in both IE and FireFox.

Tomorrow I will try to get my head round the nginx version of

RewriteRule ^/ppg/(email|print)/(quote|ack|amend)(\d+).pdf$
/ppg/index.php?view=$2&act=$1&id=$3

The faster way (0.7.x):

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;

location ~ ^/ppg/(email|print)/(quote|ack|amend)(\d+).pdf$ {
fastcgi_pass 127.0.0.1:9000;

   fastcgi_param   SCRIPT_FILENAME  /path/to/php/ppg/index.php;
   fastcgi_param   QUERY_STRING     view=$2&act=$1&id=$3;

   # fastcgi_params0 must have no SCRIPT_FILENAME and QUERY_STRING
   include /etc/nginx/fastcgi_params0;

}

location ~ .\php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}

The slower way:

location ^~ /ppg/ {
auth_basic “Hello, Please login”;
auth_basic_user_file /var/www/site.com/passwords;

rewrite ^/ppg/(email|print)/(quote|ack|amend)(\d+).pdf$
/ppg/index.php?view=$2&act=$1&id=$3
last;

location ~ .\php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}