nginx config: multiple locations, authentication in one, triggered for both?
Maxim Dounin
mdounin at mdounin.ru
Mon Nov 7 10:25:26 UTC 2011
Hello!
On Mon, Nov 07, 2011 at 03:48:53AM -0500, roger.moffatt wrote:
> I originally posted this question on SO, but it might of course be more
> logical to ask here;
>
> http://stackoverflow.com/questions/8031471/nginx-location-directive-authentication-happening-in-wrong-location-block
>
> I'm flummoxed.
>
> I have a server that is primarily running couchdb over ssl (using nginx
> to proxy the ssl connection) but also has to serve some apache stuff.
>
> Basically I want everything that DOESN'T start /www to be sent to the
> couchdb backend. If a url DOES start /www then it should be mapped to
> the local apache server on port 8080.
>
> My config below works with the exception that I'm getting prompted for
> authentication on the /www paths as well. I'm a bit more used to
> configuring Apache than nginx, so I suspect I'm mis-understanding
> something, but if anyone can see what is wrong from my configuration
> (below) I'd be most grateful.
>
> To clarify my use scenario;
>
> https://my-domain.com/www/script.cgi should be proxied to
> http://localhost:8080/script.cgi
> https://my-domain.com/anythingelse should be proxied to
> http://localhost:5984/anythingelse
>
> ONLY the second should require authentication. It is the authentication
> issue that is causing problems - as I mentioned, I am being challenged
> on https://my-domain.com/www/anything as well :-(
Most likely, the authentication request appears due to your
browser doing automatic requests to /favicon.ico or something
like. Try adding
location = /favicon.ico {
return 404;
}
to see if it helps.
>
> Here's the config, thanks for any insight.
>
> server {
> listen 443;
> ssl on;
>
> # Any url starting /www needs to be mapped to the root
> # of the back end application server on 8080
>
> location ^~ /www/ {
> proxy_pass http://localhost:8080/;
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> }
>
> # Everything else has to be sent to the couchdb server running
> on
> # port 5984 and for security, this is protected with auth_basic
> # authentication.
>
> location / {
>
> auth_basic "Restricted";
> auth_basic_user_file /path-to-passwords;
>
> proxy_pass http://localhost:5984;
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Ssl on;
>
> }
> }
>
> Thanks for some pointers - I'm not sure how I can resolve this
> correctly.
Config looks correct and should work. Try testing it by hand
(e.g. nc/telnet/fetch/wget/curl) to see if it actually works. See
above for a possible cause of the authentication request.
Maxim Dounin
More information about the nginx
mailing list