0

On a Laravel Forge Nginx Server I've enabled basic auth security at a root level for my site, this is working fine.

However I'm now trying to exclude a webhooks path from basic auth to allow the site to function properly with third parties.

No matter what I try this it not seem to work, it works fine if the folder/file exists in the filesystem but not for pretty URLs set-up as routes in Laravel.

This is an extract of my nginx configuration file:

auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/mywebsite/server/.htpasswd;

location = /hooks/stripe {

    auth_basic "off";
    allow all;
}


location / {
    try_files $uri $uri/ /index.php?$query_string;
}

The above works fine if I change /hooks/stripe to a physical file such as my CSS or favicon. Additionally inverting it works without issue, where I can lock just that route with a password.

I've tried using variations of the location block, some with = and some without. Additionally I've tried auth_basic off; and removing allow all;. Finally i've tried changing the location using different modifiers and making it less specific and placing it before and after the / root location try_files.

Any help would be massively appreciated as I'm now completely stuck

Dean Whitehouse
  • 101
  • 2

1 Answers1

0

Thanks to @AlexD suggestion in the comments the below works, however you have to move the forge import which may have unintended impacts.

If you try to access a URL that doesn't exist, /hooks/lost you still get the basic auth request which I'm unsure why but for now this solves the immediate problem.

# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/mywebsite/server/*;

location / {
    try_files $uri $uri/ /index.php?$query_string;
    include forge-conf/mywebsite/server/*;
}


location /hooks {

    auth_basic off;
}
Dean Whitehouse
  • 101
  • 2