Forum: NGINX basic-authentication and php?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
F7ec36678a4102de7a6895d299a60819?d=identicon&s=25 Ian Hobson (Guest)
on 2009-05-22 18:04
(Received via mailing list)
Hi all,
I'm trying to set up basic authentication to protect an area of the
website served by php.

The critical bits of my server directive are.

server (
   listen 80;
   server_name  site.com  www.site.com;
   root /var/www/site.com/htdocs;
   index  index.php index.html index.htm;
   access_log  /var/www/site.com/access.log;

   location ~ \.php {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass 127.0.0.1:9000;
   }

   location ^~ /usage/ {
      auth_basic "Hello, Please login";
      auth_basic_user_file /var/www/site.com/passwords;
   }

   location ^~ /ppg/ {
      auth_basic "Hello, Please login";
      auth_basic_user_file /var/www/site.com/passwords;
   }
}

The directory /usage/ does NOT contain any php files and works just
fine.

The directory /ppg/ contains index.php - which is sent to the browser,
not to fastcgi :(

So how can I configure it.  (If basic-auth cannot work, it would be ok
to use
allow and deny all.)

I'm using nginx 0.6.35

Thanks

Ian
2c6f80fff253635f12c249ef4f116796?d=identicon&s=25 Jim Ohlstein (Guest)
on 2009-05-22 18:39
(Received via mailing list)
Ian Hobson wrote:
>   index  index.php index.html index.htm;
>   }
>
>   location ^~ /ppg/ {
>      auth_basic "Hello, Please login";
>      auth_basic_user_file /var/www/site.com/passwords;
>   }
I would try

location ^~ /ppg/ {
     auth_basic "Hello, Please login";
     auth_basic_user_file /var/www/site.com/passwords;
     include /etc/nginx/fastcgi_params;
     fastcgi_pass 127.0.0.1:9000;
  }
F7ec36678a4102de7a6895d299a60819?d=identicon&s=25 Ian Hobson (Guest)
on 2009-05-22 19:21
(Received via mailing list)
Jim Ohlstein wrote:
>>   listen 80;
>>   location ^~ /usage/ {
> location ^~ /ppg/ {
>     auth_basic "Hello, Please login";
>     auth_basic_user_file /var/www/site.com/passwords;
>     include /etc/nginx/fastcgi_params;
>     fastcgi_pass 127.0.0.1:9000;
>  }
>
Hi Jim,

I tried that, and got no style sheet, so I presumed that static files
were not being served. However, you are right. It works.

However, the error long in FireFox is telling me....

Error: The stylesheet http://www.site.com/ppg/css/style.css was not
loaded because its MIME type, "text/html", is not "text/css".
Source File: http://www.site.com/ppg/
Line: 0

I've checked /etc/nginx/mine-types, and it claims type text/css  for css
files, and the default-type is application/octet-stream.

So now I'm really confused.

Ian

p.s IE 6.0 is not so fussy. It simply leaves out some of the images :(
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-05-22 19:33
(Received via mailing list)
On Fri, May 22, 2009 at 04:56:28PM +0100, Ian Hobson wrote:

>   index  index.php index.html index.htm;
>   }
> not to fastcgi :(
>
> So how can I configure it.  (If basic-auth cannot work, it would be ok
> to use
> allow and deny all.)
>
> I'm using nginx 0.6.35

The "/ppg/" request invokes an internel redirect to "/ppg/index.php",
which is handled in "location ^~ /ppg/", because regex testing is
disabled
by "^~". You should either remove "^~":

-   location ^~ /ppg/ {
+   location /ppg/ {

or add additional

    location = /ppg/index.php {
       include /etc/nginx/fastcgi_params;
       fastcgi_pass 127.0.0.1:9000;
       auth_basic "Hello, Please login";
       auth_basic_user_file /var/www/site.com/passwords;
    }
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 Michael Shadle (Guest)
on 2009-05-22 19:33
(Received via mailing list)
location /foo {
  auth_basic ..
  auth_bsic_user_file ...
  location ~ \.php {
  }
}

is how i've done it. you have to nest the php again inside of it, but
otherwise treat it no differently.

igor - you should make some sort of syntax for a globally effective
location or something - one that takes effect *always* within a server
block, at the end.

this would help for parsing PHP *always* if there is a .php file,
*always* include the expires headers, etc. right now, i've had to wind
up nesting those type of things inside of blocks where auth is
required for example (like above) - that would make location blocks to
me a lot easier to deal with.

essentially it would deal with all the location blocks and then apply
these "global" ones -after- it's done with the others...
2c6f80fff253635f12c249ef4f116796?d=identicon&s=25 Jim Ohlstein (Guest)
on 2009-05-22 19:41
(Received via mailing list)
Ian Hobson wrote:
>>> server (
>>>
>>
> were not being served. However, you are right. It works.
>
> So now I'm really confused.
>
> Ian
>
> p.s IE 6.0 is not so fussy. It simply leaves out some of the images :(
>
I don't know if you can nest a location block within a location block.
The Wiki would suggest not but I've never tested it. However, it would
be useful in this case if you could use:

location ^~ /ppg/ {
    auth_basic "Hello, Please login";
    auth_basic_user_file /var/www/site.com/passwords;
        location ~ .\php$  {
            include /etc/nginx/fastcgi_params;
            fastcgi_pass 127.0.0.1:9000;
        }
 }

That way only your php scripts would be passed to php and others served
directly by nginx.

Igor, is that possible?


Jim
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 Michael Shadle (Guest)
on 2009-05-22 19:44
(Received via mailing list)
On Fri, May 22, 2009 at 10:31 AM, Jim Ohlstein <jim.ohlstein@gmail.com>
wrote:

> directly by nginx.
>
> Igor, is that possible?

not only is it possible, i've been doing it that way for a long time.

in fact, i think igor is the one who originally gave me the example.
2c6f80fff253635f12c249ef4f116796?d=identicon&s=25 Jim Ohlstein (Guest)
on 2009-05-22 19:53
(Received via mailing list)
Michael Shadle wrote:
>> }
>
>
>
The Wiki currently lists the "context" for "location" as "server" only
which was why I was unsure.

http://wiki.nginx.org/NginxHttpCoreModule#location

Jim
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-05-22 19:53
(Received via mailing list)
On Fri, May 22, 2009 at 01:31:13PM -0400, Jim Ohlstein wrote:

> >>>
> >>>     include /etc/nginx/fastcgi_params;
> >>>     auth_basic_user_file /var/www/site.com/passwords;
> >Hi Jim,
> >
> The Wiki would suggest not but I've never tested it. However, it would
>
> That way only your php scripts would be passed to php and others served
> directly by nginx.
>
> Igor, is that possible?

Yes, it's possible, however, I do not advertise this since nested
locations
have some bugs in inheritance. But in this case it will work.
2c6f80fff253635f12c249ef4f116796?d=identicon&s=25 Jim Ohlstein (Guest)
on 2009-05-22 20:02
(Received via mailing list)
Igor Sysoev wrote:
>>>>> I'm trying to set up basic authentication to protect an area of the
>>>>>
>>>>>  location ^~ /ppg/ {
>>>>    fastcgi_pass 127.0.0.1:9000;
>>> Error: The stylesheet http://www.site.com/ppg/css/style.css was not
>>>
>>        location ~ .\php$  {
>>            include /etc/nginx/fastcgi_params;
>>            fastcgi_pass 127.0.0.1:9000;
>>        }
>> }
>>
>>
typo    - location ~ .\php$ {
          + location ~ \.php$ {
>
Thanks Igor.

Jim
F7ec36678a4102de7a6895d299a60819?d=identicon&s=25 Ian Hobson (Guest)
on 2009-05-23 00:03
(Received via mailing list)
Igor, Jim, Michael

Many thanks to all your help.

That aspect of the site is working properly now in both IE and FireFox.

Tomorrow I will try to get my head round the nginx version of

 RewriteRule ^/ppg/(email|print)/(quote|ack|amend)(\d+)\.pdf$
/ppg/index.php?view=$2&act=$1&id=$3

For now, its been a long day and I'm bushed.

Good night. And thanks again.

Ian
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-05-23 07:46
(Received via mailing list)
On Fri, May 22, 2009 at 10:52:19PM +0100, Ian Hobson wrote:

> Igor, Jim, Michael
>
> Many thanks to all your help.
>
> That aspect of the site is working properly now in both IE and FireFox.
>
> Tomorrow I will try to get my head round the nginx version of
>
> RewriteRule ^/ppg/(email|print)/(quote|ack|amend)(\d+)\.pdf$
> /ppg/index.php?view=$2&act=$1&id=$3

The faster way (0.7.x):

location ^~ /ppg/ {
   auth_basic "Hello, Please login";
   auth_basic_user_file /var/www/site.com/passwords;

   location ~ ^/ppg/(email|print)/(quote|ack|amend)(\d+)\.pdf$ {
       fastcgi_pass    127.0.0.1:9000;

       fastcgi_param   SCRIPT_FILENAME  /path/to/php/ppg/index.php;
       fastcgi_param   QUERY_STRING     view=$2&act=$1&id=$3;

       # fastcgi_params0 must have no SCRIPT_FILENAME and QUERY_STRING
       include /etc/nginx/fastcgi_params0;
   }

   location ~ .\php$  {
       fastcgi_pass 127.0.0.1:9000;
       include /etc/nginx/fastcgi_params;
   }
}

The slower way:

location ^~ /ppg/ {
   auth_basic "Hello, Please login";
   auth_basic_user_file /var/www/site.com/passwords;

   rewrite  ^/ppg/(email|print)/(quote|ack|amend)(\d+)\.pdf$
            /ppg/index.php?view=$2&act=$1&id=$3
            last;

   location ~ .\php$  {
       fastcgi_pass 127.0.0.1:9000;
       include /etc/nginx/fastcgi_params;
   }
}
This topic is locked and can not be replied to.