nginx config: multiple locations, authentication in one, triggered for both?

roger.moffatt nginx-forum at nginx.us
Mon Nov 7 08:48:53 UTC 2011 

I originally posted this question on SO, but it might of course be more
logical to ask here;

http://stackoverflow.com/questions/8031471/nginx-location-directive-authentication-happening-in-wrong-location-block

I'm flummoxed.

I have a server that is primarily running couchdb over ssl (using nginx
to proxy the ssl connection) but also has to serve some apache stuff.

Basically I want everything that DOESN'T start /www to be sent to the
couchdb backend. If a url DOES start /www then it should be mapped to
the local apache server on port 8080.

My config below works with the exception that I'm getting prompted for
authentication on the /www paths as well. I'm a bit more used to
configuring Apache than nginx, so I suspect I'm mis-understanding
something, but if anyone can see what is wrong from my configuration
(below) I'd be most grateful.

To clarify my use scenario;

https://my-domain.com/www/script.cgi should be proxied to
http://localhost:8080/script.cgi
https://my-domain.com/anythingelse should be proxied to
http://localhost:5984/anythingelse

ONLY the second should require authentication. It is the authentication
issue that is causing problems - as I mentioned, I am being challenged
on https://my-domain.com/www/anything as well :-(

Here's the config, thanks for any insight.

server {
        listen   443;
        ssl on;

        # Any url starting /www needs to be mapped to the root
        # of the back end application server on 8080

        location ^~ /www/ {
        proxy_pass http://localhost:8080/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

        # Everything else has to be sent to the couchdb server running
on
        # port 5984 and for security, this is protected with auth_basic
        # authentication.

        location / {

        auth_basic "Restricted";
        auth_basic_user_file /path-to-passwords;

        proxy_pass http://localhost:5984;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;

        }
    }

Thanks for some pointers - I'm not sure how I can resolve this
correctly.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,217906,217906#msg-217906

More information about the nginx mailing list