BasicAuth config question

pg151 at dev-mail.net pg151 at dev-mail.net
Thu Oct 25 16:56:27 UTC 2018


If I define

	nginx.conf
		...
		server {
			...
			include includes/conf1.inc;
			include includes/conf2.inc;
			...
		}
		...

	cat includes/conf1.inc;
		location ~ ^/sec($|/$) {
			deny all;
		}

	cat includes/conf2.inc;
		location = /sec/status {
			auth_basic 'Secure Access';
			auth_basic_user_file  /etc/nginx/sec/users;
			stub_status on;
		}

@ https://example.com/sec/status

displays, as intended, a HTTP Basic Auth challenge.

But, if I move the auth_basic* into the immediately prior config file,

	cat includes/conf1.inc;
		location ~ ^/sec($|/$) {
			deny all;
		}
+		location ~ ^/sec {
+			auth_basic 'Secure Access';
+			auth_basic_user_file  /etc/nginx/sec/users;
+		}

	cat includes/conf2.inc;
		location = /sec/status {
-			auth_basic 'Secure Access';
-			auth_basic_user_file  /etc/nginx/sec/users;
			stub_status on;
		}

@ https://example.com/sec/status

displays server status immediately, WITHOUT any HTTP Basic Auth challenge.

What's wrong with my 2nd config that's causing it to NOT invoke Basic Auth challenge?


More information about the nginx mailing list