I’m using nginx (0.5.32) as a reverse proxy for Tomcat, and it’s working
spectacularly well. There are some admin pages I want to protect,
initially just with Basic authentication, and I think I’ve set it up
right, but what I’m seeing puzzles me. Below is a simplified version of
my nginx.conf:
server {
listen 80;
location / {
include /etc/nginx/proxy.conf;
}
location /viewServers.htm {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/users;
include /etc/nginx/proxy.conf;
}
}
Normally everything is proxied to the backend Tomcat server. What I want
now is for the /viewServers.htm page to be protected. It prompts for the
username and password and when these have been entered correctly, it
forwards the request, but evidently makes some change to it which I
can’t work out, as it turns up at Tomcat as if it is just / (i.e.,
without the viewServers.htm), even though it is displayed in the browser
as /viewServers.htm (in the Tomcat access log, no such page is
recorded). If I remove the whole location /viewServers.htm… block, I
get a quite different (correct) page served.
Have I set this up right? What do I need to do to have basic
authentication working for a certain set of requests which nginx is to
forward to a back end server?