Using auth_basic in dynamic vhosts


I have an nginx installation which allows vhosts to be setup


server {
root /data/www/$host;
index index.php index.html;

    location ~ .php$ {
            include         fastcgi_params;
            fastcgi_pass    unix:/tmp/.fastcgi.www/socket;
            fastcgi_index   index.php;
            fastcgi_param   SCRIPT_FILENAME 

fastcgi_param DOCUMENT_ROOT /data/www/$host/;


I had trouble writing a way to block access to certain directories,
without applying them to all vhosts. However I eventually realised
that you could do this:

if ($host ~* {
rewrite ^/private.* @403;
rewrite ^/admin.* @403;

    location = @403 {
            return 403;


This way I can restrict (in this case /private and /admin) on a
specific vhost, and not apply the same config option to all the other

However I have now come up against the problem of trying to implement
something similar with auth_basic. A couple of vhosts need to have
auth_basic applied to / … obviously this means that I cannot just
use the location operative as this will apply to all vhosts.

I attempted to use a similar setup as above, with an “@auth” location
and the appropriate rewrites, and whilst the authentication works
properly, I cannot make the scripts run. Typically I either get “No
Input Files” which indicates that fastcgi is not obtaining the right
path to pass to php, or a 404 error, which is probably my fault :wink:

If anyone can offer any advice it would be greatly appreciated.

Many thanks


Lee Brotherston ha scritto:

    index           index.php index.html;

    location = @403 {
            return 403;


Isn’t it better to simply add complete server blocks for these specific


Manlio P.

On Mon, Jul 07, 2008 at 05:38:13PM +0200, Manlio P. wrote:

Isn’t it better to simply add complete server blocks for these specific

Hi Manlio,

Whilst I agree that this is a way of achieving what I want, I don’t
necessarily think that it is the best way. I am trying to avoid
duplicating configuration (i.e. the rest of the server setup) across
multiple vhosts, so that a change need only be applied in one place to
affect all vhosts.



Hi Lee, you could try factoring chunks of what you want to do out into
separate files and using “include” so that you only have to change it

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs