BasicAuth config question

Thu Oct 25 17:34:00 UTC 2018

On Thu, Oct 25, 2018, at 10:23 AM, Maxim Dounin wrote:
> In your second config, auth_basic is only configured for location 
> "~ ^/sec", but not for location "= /sec/status".  Since the request 
> to /sec/status is handled in the latter, auth_basic won't apply.
> 
> Note that location matching selects only one location to handle 
> a request.  If there are many matching locations, most specific 
> will be used (see http://nginx.org/r/location for details).

Ok, got that. Thx.

> If you want to configure auth_basic for anything under /sec/, 
> consider using nested prefix locations instead.  For example:
> 
>     location /sec/ {
>         auth_basic 'Secure Access';
>         auth_basic_user_file /etc/nginx/sec/users;
> 
>         location = /sec/ {
>             deny all;
>         }
> 
>         location = /sec/status {
>             stub_status on;
>         }
>     }
> 
> This way, auth_basic is inherited into all nested locations, and 
> will be configured in "location = /sec/status" as well.

I get the nesting.

I'd _like_ to split that config across two files:  one that I can include in EVERY config that deals with "auth_basic under /sec/", and the other that i can "drop-in" (include) just for sites where I want to use "status pages" (here, just the nginx-status).

Can you 'nest' across separate configs?

> Note well that "location ~ ^/sec"

Yep, thx.