nginx auth_basic with proxy pass to tomcat

Francis Daly francis at
Wed Nov 7 09:01:09 UTC 2012

On Wed, Nov 07, 2012 at 12:43:40PM +1100, Tharanga Abeyseela wrote:

Hi there,

> I need to add basic auth to my home page (index.html) (served by
> nginx), and other directories reside on tomcat7. Is there any way I
> can add only authentication to index.html?

"location = /index.html" will only apply to /index.html. Put your
configuration in there.

> I was using the following
> nginx configuration.
> server {
>       access_log  /var/log/nginx/access.log;
>       error_log   /var/log/nginx/error.log;
>       index       index.html;
>       root        /var/www/;
>       server_name xxxxxxxx;
> }

Are you sure?

server{}, and then location{} outside it?

>       location / {
>         auth_basic "Restricted";
>         auth_basic_user_file /var/www/.htpass;
>       }
>  location /next {
>         proxy_pass             http://localhost:8080/next;
>         proxy_redirect         off;
>         proxy_set_header   Host             $host;
>         proxy_set_header   X-Real-IP        $remote_addr;
>         proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
>         proxy_max_temp_file_size 0;
> }
> When I try to add the above config, it asks for the user/pass, but it
> asks for the user/pass when I try to access /next.

When I try the above config, it does what you say you want.

(It should challenge for authentication only for any request that does not
begin "/next".)

What is the output you get for

  curl -i http://xxxxxxxx/


  curl -i http://xxxxxxxx/next

? Are you sure that you are using this server{} block in nginx? Are you
sure that the server on localhost:8080 is not redirecting you to /?

> But I need to add
> authentication only to index.html. The problem is using the root
> directory, so all requests will be tunneled through root and prompted
> for a password. But is there any way I can restrict access only to
> index.html? Once it is authenticated, users will be able to access tomcat
> paths.

I'm not quite sure what you mean by that last bit. If you require
authentication for /index.html, then you can't expect authentication
credentials to be sent for the tomcat paths. So the user will get to
the tomcat paths whether or not they first authenticated, at least as
far as nginx is concerned.

Francis Daly        francis at
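
An added example, not part of the original message: one way to lay out the server{} block so that the locations sit inside it and only /index.html is challenged. The htpasswd path outside the web root is an assumption; the other values are taken from the quoted configuration.

```nginx
server {
    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log;
    index       index.html;
    root        /var/www/;
    server_name xxxxxxxx;

    # Exact match: challenges only for /index.html. A request for "/" is
    # internally redirected to /index.html by the index directive, so it
    # is challenged here as well.
    location = /index.html {
        auth_basic           "Restricted";
        # Assumed path, outside root: with the file at /var/www/.htpass and
        # no auth on "location /", GET /.htpass would return the hashes.
        auth_basic_user_file /etc/nginx/.htpass;
    }

    # Other static files under root: no authentication.
    location / {
    }

    # Proxied to tomcat. No auth_basic here, so nginx passes these requests
    # whether or not the client ever authenticated for /index.html.
    location /next {
        proxy_pass               http://localhost:8080/next;
        proxy_redirect           off;
        proxy_set_header         Host             $host;
        proxy_set_header         X-Real-IP        $remote_addr;
        proxy_set_header         X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        # To require the same login for the tomcat paths, uncomment:
        # auth_basic           "Restricted";
        # auth_basic_user_file /etc/nginx/.htpass;
    }
}
```

With this layout, the two curl -i requests from the message should show a 401 challenge for / and the tomcat response for /next.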
