Is authentication not supported over https?

Igor Sysoev is at rambler-co.ru
Sun Mar 4 22:52:56 MSK 2007


On Sat, Mar 03, 2007 at 07:43:12AM -0500, Wayne E. Seguin wrote:

> On Mar 02, 2007, at 14:14 , Wayne E. Seguin wrote:
> >New issue, I can't seem to use the basic authentication with https.
> >Is authentication not supported over https?
> 
> I figured out how to get it working, it still doesn't make sense to  
> me though.
> 
> What I did to get it working was move the auth lines into the server/  
> section from the location/ section contained within.
> 
> Even though the documentation
>     http://wiki.codemongers.com/NginxHttpAuthBasicModule#auth_basic
> specifically states that context may be "context: http, server,  
> location, limit_except".
> 
> My best guess as to why this move worked is something to the tune of:
> The auth was literally ONLY applying to / and once the location went  
> away from / it no longer worked...
> but that's only a half-baked idea.

If you have two locations:

   location / {  }

   location /some/ {  }

and the request is "/some/uri", then it will be handled using the location
"/some/" configuration. See the location handling order here:
http://wiki.codemongers.com/NginxHttpCoreModule#location

When you set up the auth directives at the server level, they are inherited
by all locations (unless you set "auth_basic off" in some locations).

> Thanks!
>   ~Wayne
> 
> For your reference, the working sections are below:
> 
> http {
> ...
> server {
>   # port to listen on. Can also be set to an IP:PORT
>   listen 443;
> 
>   ssl                  on;
>   ssl_certificate      /etc/nginx/ssl/blog.jentryx.com.crt;
>   ssl_certificate_key  /etc/nginx/ssl/blog.jentryx.com.key;
>   #keepalive_timeout    70;
> 
>   # Set the max size for file uploads to 50Mb
>   client_max_body_size 50M;
> 
>   # sets the domain[s] that this vhost server requests for
>   server_name blog.jentryx.com;
> 
>   auth_basic            "Restricted";
>   auth_basic_user_file  /etc/nginx/users;
> 
>   # doc root
>   root /home/jentryx_blog/current/public;
> 
>   # vhost specific access log
>   access_log  /var/log/nginx.vhost.access.log  main;
> 
>   # this rewrites all the requests to the maintenance.html
>   # page if it exists in the doc root. This is for capistrano's
>   # disable web task
>   if (-f $document_root/system/maintenance.html) {
>     rewrite  ^(.*)$  /system/maintenance.html last;
>     break;
>   }
> 
>   location / {
> 
>     # needed to forward user's IP address to rails
>     proxy_set_header  X-Real-IP  $remote_addr;
> 
>     # needed for HTTPS
>     proxy_set_header X_FORWARDED_PROTO https;
> 
>     # needed for HTTPS
>     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_set_header Host $http_host;
>     proxy_redirect false;
>     proxy_max_temp_file_size 0;
> 
>   ...
>   }
>   ...
> }
> }


-- 
Igor Sysoev
http://sysoev.ru/en/
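
The two behaviours described in the reply above, side by side, as an added example that is not part of the original message or of the poster's configuration. Host names, certificate paths, the /public/ location and the upstream address are placeholder assumptions, and only prefix locations are shown.

```nginx
# Constructed example; both server blocks go inside the http { } block.
# Host names, certificate paths and the upstream address are placeholders.

# Before: auth directives only inside "location /".
server {
    listen               443 ssl;
    server_name          before.example.test;
    ssl_certificate      /etc/nginx/ssl/example.test.crt;
    ssl_certificate_key  /etc/nginx/ssl/example.test.key;

    location / {
        auth_basic            "Restricted";
        auth_basic_user_file  /etc/nginx/users;
        proxy_pass            http://127.0.0.1:3000;
    }

    # A request for /some/uri is handled by this location (longest matching
    # prefix). Nothing is inherited from the sibling "location /", so this
    # subtree is served without a password prompt.
    location /some/ {
        proxy_pass  http://127.0.0.1:3000;
    }
}

# After: auth directives at server level, inherited by every location.
server {
    listen               443 ssl;
    server_name          after.example.test;
    ssl_certificate      /etc/nginx/ssl/example.test.crt;
    ssl_certificate_key  /etc/nginx/ssl/example.test.key;

    auth_basic            "Restricted";
    auth_basic_user_file  /etc/nginx/users;

    location /      { proxy_pass http://127.0.0.1:3000; }
    location /some/ { proxy_pass http://127.0.0.1:3000; }  # protected by inheritance

    # Explicit opt-out: the only location that skips authentication.
    location /public/ {
        auth_basic  off;
        proxy_pass  http://127.0.0.1:3000;
    }
}
```

Requesting one URI under each location without credentials and checking for a 401 response confirms which locations are actually protected.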




