40

I have a relatively straight forward config:

upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { proxy_pass http://appserver-1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; auth_basic "Restricted"; auth_basic_user_file /path/to/htpasswd; } location /api/ { auth_basic off; } }

The goal is to use basic auth on the whole website, except on the /api/ subtree. While it does work with respect to basic auth, other directives like proxy_pass are not in effect on /api/ as well.

Is it possible to just disable basic auth while retaining the other directives without copy&pasting everything?

Improve this question
1
  • I would like to know if there's an "official" way to do this for certbot renew -- I tried a few examples but ultimately had to comment out my "auth_basic" config to get certbot working, in other words my config will break in 90 days. In any case, I think Nginx should add some extra option like auth_basic_certbot "allow"; where "allow" is the default. That would make this a no-brainer. Commented Jan 10, 2020 at 3:23

4 Answers 4

Reset to default
44

How about two files?

includes/proxy.conf would be:

proxy_pass http://appserver-1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

And your current conf file:

upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { auth_basic "Restricted"; auth_basic_user_file /path/to/htpasswd; include includes/proxy.conf; } location /api/ { auth_basic off; include includes/proxy.conf; } }
Improve this answer
1
  • 1
    Additional info: the reason the config in the question doesn't work is that "If there are several matching location blocks nginx selects the one with the longest prefix." cf nginx.org/en/docs/beginners_guide.html Commented Apr 25, 2022 at 9:58
16

Config file

In Nginx 1.4.4 you need quotes around off for the auth_basic setting.

location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/passwd; include /etc/nginx/uwsgi_params; uwsgi_pass unix:/tmp/app.sock; } location /api { auth_basic "off"; include /etc/nginx/uwsgi_params; uwsgi_pass unix:/tmp/app.sock; }

Creating your htpasswd/passwd file

Install apache2-utils, there is a nice helper app that creates the htpasswd file for you very quickly. http://httpd.apache.org/docs/2.2/programs/htpasswd.html

htpasswd -c -m <filename> <username>
Improve this answer
1
  • This does exclude a specific location and prompt for a password for the rest of the site. However, if I click cancel, instead of the 401 error page, it shows me the actual page I requested, but without any static files. Commented Dec 24, 2016 at 15:37
5

Below config works for me for sharing a folder from my disk without any authentication for share folder and rest of the site required authentication

server { listen 80; server_name localhost; root C:\\Users\\Work\\XYZ\\; autoindex on; autoindex_exact_size off; autoindex_localtime on; auth_basic "Administrator Login"; auth_basic_user_file C:\\Users\\Work\\.htpasswd; location /share { auth_basic "off"; allow all; # Allow all to see content alias C:\\Users\\sg32884\\Work\\share\\; } }
Improve this answer
3
+50

Nginx location

This can be achieved with a sub location:

upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { location /api/ { auth_basic off; include includes/proxy.conf; } auth_basic "Restricted"; auth_basic_user_file /path/to/htpasswd; include includes/proxy.conf; } }

Note that proxy.conf contains the proxy conf

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.