Using auth_basic in dynamic vhosts

Lee Brotherston lee at
Mon Jul 7 18:43:06 MSD 2008


I have an nginx installation which allows vhosts to be setup


server {
        root            /data/www/$host;
        index           index.php index.html;

        location ~ .php$ {
                include         fastcgi_params;
                fastcgi_pass    unix:/tmp/.fastcgi.www/socket;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME /data/www/$host/$fastcgi_script_name;
                fastcgi_param   DOCUMENT_ROOT   /data/www/$host/;


I had trouble writing a way to block access to certain directories,
without applying them to all vhosts.  However I eventually realised
that you could do this:

        if ($host ~* {
                rewrite ^/private.* @403;
                rewrite ^/admin.* @403;

        location = @403 {
                return 403;


This way I can restrict (in this case /private and /admin) on a
specific vhost, and not apply the same config option to all the other

However I have now come up against the problem of trying to implement
something similar with auth_basic.  A couple of vhosts need to have
auth_basic applied to / ... obviously this means that I cannot just
use the location operative as this will apply to all vhosts.

I attempted to use a similar setup as above, with an "@auth" location
and the appropriate rewrites, and whilst the authentication works
properly, I cannot make the scripts run.  Typically I either get "No
Input Files" which indicates that fastcgi is not obtaining the right
path to pass to php, or a 404 error, which is probably my fault ;)

If anyone can offer any advice it would be greatly appreciated.

Many thanks


Lee Brotherston - <lee at>

More information about the nginx mailing list