0

Hope this is the right place to ask. I have Piwik setup and running on a Nginx webserver that I protected with HTTP basic authentication, as seen below.

location /analytics { alias /var/www/piwik/; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/pass; try_files $uri $uri/ /index.php; } location ~ ^/analytics(.+\.php)$ { alias /var/www/piwik$1; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }

This works great for protecting www.example.com/analytics. However, users are being prompted to login on each page, due to the fact that the Piwik tracking tag is on each page. In the official FAQ, that problem is addressed for Apache, but not Nginx.

If you use HTTP Authentication (Basic or Digest) on your Piwik files, you should exclude piwik.php and piwik.js from this authentication, or visitors on your website would be prompted with the authentication popup.

What kind of Nginx rule can I use to protect all files in that directory, besides those two? Is it possible to do a negative regex match on a location block? I've seen solutions for Apache using .htaccess, but nothing for Nginx. Other similar questions are here, here, and here.

Any help would be appreciated!

Improve this question

1 Answer 1

Reset to default
0

How about this:

location = /analytics/piwik.php { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param /var/www/piwik/piwik.php; } location = /analytics/piwik.js { try_files $uri; }

The = operator means that that these rules take first precedence. The problem with your current rules are that the location / rule is first in usage order. Using = changes that.

Improve this answer
3
  • Do I need to remove the two location blocks I have above? Commented Jan 14, 2015 at 16:10
  • I kept the two locations blocks above and added yours. Here is what I have that does let me log in at /analytics, but does not stop the login prompt on each page. location = /analytics/piwik.php {fastcgi_pass unix:/var/run/php5-fpm.sock;} location = /analytics/piwik.js {try_files $uri piwik.js;} My error.log file is still showing this no user/password was provided for basic authentication, client: XX.XX.XX.XX, server: example.com, request: "GET /analytics/piwik.js/ HTTP/1.1"... Commented Jan 14, 2015 at 16:21
  • Asked on Nginx forum and answered here. Commented Aug 13, 2015 at 19:24

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.