nginx auth_basic with proxy pass to tomcat

Thu Nov 8 00:04:39 UTC 2012

Hi Francis,

thanks for the reply. actually it inside the server block :-) ,

i managed to resolve the issue using a rewrite rule as follows

   location /demo/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/demo/.htpass;
        error_page 404 = @redirect;
#       rewrite ^/demo/(.*)$ http://x.x.x.x/$1 permanent;
      }

      location @redirect {
        rewrite ^/demo/(.*)$ http://x.x.x.x/$1 permanent;
      }

is it possible to enable nginx authentication before proxy_pass to tomcat ?

cheers,
Tharanga

On Wed, Nov 7, 2012 at 8:01 PM, Francis Daly <francis at daoine.org> wrote:
> On Wed, Nov 07, 2012 at 12:43:40PM +1100, Tharanga Abeyseela wrote:
>
> Hi there,
>
>> I need to add basic auth to my home page (index.html)  (Served by
>> nginx)  and other directories resides on tomcat7. is there anyway i
>> can add only authentication to index.html .
>
> "location = /index.html" will only apply to /index.html. Put your
> configuration in there.
>
>> i was using the following
>> nginx configuration.
>>
>> server {
>>       access_log  /var/log/nginx/access.log;
>>       error_log   /var/log/nginx/error.log;
>>       index       index.html;
>>       root        /var/www/;
>>       server_name xxxxxxxx;
>> }
>
> Are you sure?
>
> server{}, and then location{} outside it?
>
>>       location / {
>>         auth_basic "Restricted";
>>         auth_basic_user_file /var/www/.htpass;
>>       }
>>
>>  location /next {
>>         proxy_pass             http://localhost:8080/next;
>>         proxy_redirect         off;
>>         proxy_set_header   Host             $host;
>>         proxy_set_header   X-Real-IP        $remote_addr;
>>         proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
>>         proxy_max_temp_file_size 0;
>> }
>>
>> when i try to add the above config, it asks for the user/pass, but it
>> asks for the user/pass when i try to access /next.
>
> When I try the above config, it does what you say you want.
>
> (It should challenge for authentication only for any request that does not
> begin "/next".)
>
> What is the output you get for
>
>   curl -i http://xxxxxxxx/
>
> and
>
>   curl -i http://xxxxxxxx/next
>
> ? Are you sure that you are using this server{} block in nginx? Are you
> sure that the server on localhost:8080 is not redirecting you to /?
>
>> but i need to add
>> authentication only to index.html. problem is  using the root
>> directory, so all requests will be tunneled through root and prompted
>> for a password. but is there any way i can restrict access only to
>> index.html, once it authenticated, users will be able to access tomcat
>> paths .
>
> I'm not quite sure what you mean by that last bit. If you require
> authentication for /index.html, then you can't expect authentication
> credentials to be sent for the tomcat paths. So the user will get to
> the tomcat paths whether or not they first authenticated, at least as
> far as nginx is concerned.
>
>         f
> --
> Francis Daly        francis at daoine.org
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx