Basic authentication and reverse proxy

John Moore grails at
Thu Nov 20 22:39:59 MSK 2008

I'm using nginx (0.5.32) as a reverse proxy for Tomcat, and it's working 
spectacularly well. There are some admin pages I want to protect, 
initially just with Basic authentication, and I think I've set it up 
right, but what I'm seeing puzzles me. Below is a simplified version of 
my nginx.conf:

server {
        listen 80;

        location / {
            include /etc/nginx/proxy.conf;
        location /viewServers.htm {
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/users;
            include /etc/nginx/proxy.conf;


Normally everything is proxied to the backend Tomcat server. What I want 
now is for the /viewServers.htm page to be protected. It prompts for the 
username and password and when these have been entered correctly, it 
forwards the request, but evidently makes some change to it which I 
can't work out, as it turns up at Tomcat as if it is just / (i.e., 
without the viewServers.htm), even though it is displayed in the browser 
as /viewServers.htm (in the Tomcat access log, no such page is 
recorded). If I remove the whole location /viewServers.htm... block, I 
get a quite different (correct) page served.

Have I set this up right? What do I need to do to have basic 
authentication working for a certain set of requests which nginx is to 
forward to a back end server?

More information about the nginx mailing list