Using Nginx auth in PHP scripts

B.R · February 26, 2013, 10:00pm

Hello,

The only information I got on the Web was to protect folders with Nginx
auth, just like the plein old Apache’s .htaccess.

I am already using AuthPlain to secure a folder with Nginx, using PHP
scripts inside.
I wonder if it was possible to use Nginx auth information inside those
PHP
scripts.

More precisely, I would have a directory protected with AuthPlain and I
would have a script (let’s call it index.php) being called when the
authentication is successful.
The AuthPlain has several users registered and I would like to know if
index.php might be aware who logged in to welcom him with his/her
username.

Am I dreaming too much ?

B. R.

B.R · February 26, 2013, 10:24pm

Thanks, I learned something there.

But does the auth_basic
modulehttp://nginx.org/en/docs/http/ngx_http_auth_basic_module.htmlallows
you to load the username in a Nginx variable?
From what I understand everything is processed internally.

B. R.

B.R · February 26, 2013, 10:15pm

You can pass environment vars to PHP no problem…

Eg: if you set up geoip in nginx.conf

geoip_country /usr/share/GeoIP/GeoIP.dat;

this makes $geoip_country_code available to your nginx config.

If you then set
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;

then

$_SERVER[‘GEOIP_COUNTRY_CODE’] is then available to php.

This can be done for any variable set within nginx.

hth,

Stve

B.R · February 26, 2013, 10:30pm

On Tue, Feb 26, 2013 at 04:23:14PM -0500, B.R. wrote:

Hi there,

But does the auth_basic
modulehttp://nginx.org/en/docs/http/ngx_http_auth_basic_module.htmlallows
you to load the username in a Nginx variable?
From what I understand everything is processed internally.

http://nginx.org/en/docs/http/ngx_http_core_module.html#variables

$remote_user is what you want as the nginx variable, if you are using
http basic authentication.

f

Francis D. [email protected]

B.R · February 26, 2013, 11:28pm

Thanks to both of you, I got the info I was seeking for.

However, when I try to activate the fastcgi_param, the content doesn’t
seem
to reach PHP anymore.
No error logged neither in Nginx nor PHP it seems.
I feel like I am a noob… oO

server {
listen 80;
server_name ~ab.cd$;
root /var/web/$host;
index index.html index.php;
try_files $uri $uri/ =404;
access_log /var/log/nginx/ab.cd/access.log main;
error_log /var/log/nginx/ab.cd/error.log warn;
include conf.d/includes/fastcgi.conf;
auth_basic “Get out!”;
auth_basic_user_file /var/web/ab.cd.htpasswd;

    location ~ \.php$ {
            fastcgi_pass    unix:/var/run/php-fpm.sock;

            #If the following is activated, no more PHP output...

Something is wrong

fastcgi_param MY_GREAT_USER $remote_user;

}

B. R.

B.R · February 26, 2013, 10:31pm

It’s my understanding the $remote_user is available.

Sorry, a poor example. Could have used one that answers your question
directly…

Steve

B.R · February 27, 2013, 5:39am

Thanks for your great help!

Now I think I got it all.
Well it was non-sense to put fastcgi out of the PHP location anyway…
but
I didn’t know about the environment problem.
I’ll try to think about that next time something I play with Nginx
configuration.

Everything is OK now.

B. R.

B.R · February 26, 2013, 11:35pm

On Tue, Feb 26, 2013 at 05:26:49PM -0500, B.R. wrote:

I feel like I am a noob… oO

The problem is due to how nginx directives are inherited to different
levels. It’s consistent within nginx, so once you learn it you can apply
it to all directives which inherit.

Just put your new fastcgi_param directive at the same level as the
others
(which are in the “include” file).

So, either:

    include         conf.d/includes/fastcgi.conf;

put “fastcgi_param” here, or

fastcgi_param MY_GREAT_USER $remote_user;

put “include” here.

f

Francis D. [email protected]