Using auth_basic in dynamic vhosts

Lee Brotherston lee at nerds.org.uk
Mon Jul 7 18:43:06 MSD 2008


Hi,

I have an nginx installation which allows vhosts to be setup
dynamically:

-------8<-------

server {
        listen          10.1.2.3:80;
        root            /data/www/$host;
        index           index.php index.html;

        location ~ .php$ {
                include         fastcgi_params;
                fastcgi_pass    unix:/tmp/.fastcgi.www/socket;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME /data/www/$host/$fastcgi_script_name;
                fastcgi_param   DOCUMENT_ROOT   /data/www/$host/;
        }

-------8<-------

I had trouble writing a way to block access to certain directories,
without applying them to all vhosts.  However I eventually realised
that you could do this:

-------8<-------
        if ($host ~* specific-vhost.domain.com) {
                rewrite ^/private.* @403;
                rewrite ^/admin.* @403;
        }

        location = @403 {
                return 403;
        }

-------8<-------

This way I can restrict (in this case /private and /admin) on a
specific vhost, and not apply the same config option to all the other
vhosts.

However I have now come up against the problem of trying to implement
something similar with auth_basic.  A couple of vhosts need to have
auth_basic applied to / ... obviously this means that I cannot just
use the location operative as this will apply to all vhosts.

I attempted to use a similar setup as above, with an "@auth" location
and the appropriate rewrites, and whilst the authentication works
properly, I cannot make the scripts run.  Typically I either get "No
Input Files" which indicates that fastcgi is not obtaining the right
path to pass to php, or a 404 error, which is probably my fault ;)

If anyone can offer any advice it would be greatly appreciated.

Many thanks

  Lee


-- 
Lee Brotherston - <lee at nerds.org.uk>





More information about the nginx mailing list