Enable basic auth sitewide and disabling it for subpages?

Question

I have a relatively straight forward config:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        proxy_pass http://appserver-1;
        proxy_redirect              off;
        proxy_set_header            Host $host;
        proxy_set_header            X-Real-IP $remote_addr;
        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;

    }

    location /api/ {
        auth_basic          off;
    }
}

The goal is to use basic auth on the whole website, except on the /api/ subtree. While it does work with respect to basic auth, other directives like proxy_pass are not in effect on /api/ as well.

Is it possible to just disable basic auth while retaining the other directives without copy&pasting everything?

score 44 · Answer 1 · answered Nov 13 '11 at 21:13

How about two files?

includes/proxy.conf would be:

proxy_pass http://appserver-1;
proxy_redirect              off;
proxy_set_header            Host $host;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

And your current conf file:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;
        include includes/proxy.conf;
    }

    location /api/ {
        auth_basic          off;
        include includes/proxy.conf;
    }
}

score 16 · Answer 2 · edited Jun 11 '20 at 10:02

Config file

In Nginx 1.4.4 you need quotes around off for the auth_basic setting.

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/passwd;
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
}
location /api {
    auth_basic "off";
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
}

Creating your htpasswd/passwd file

Install apache2-utils, there is a nice helper app that creates the htpasswd file for you very quickly. http://httpd.apache.org/docs/2.2/programs/htpasswd.html

htpasswd -c -m <filename> <username>

score 5 · Answer 3 · answered Feb 09 '17 at 07:03

Below config works for me for sharing a folder from my disk without any authentication for share folder and rest of the site required authentication

server {
        listen       80;
        server_name  localhost;
        root C:\\Users\\Work\\XYZ\\;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        auth_basic "Administrator Login";
        auth_basic_user_file C:\\Users\\Work\\.htpasswd;

        location /share {
            auth_basic "off";
            allow all; # Allow all to see content 
            alias C:\\Users\\sg32884\\Work\\share\\;
        }
}

score 3 · Answer 4 · edited Jun 11 '20 at 10:02

Nginx location

This can be achieved with a sub location:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;
location / {
    location /api/ {
        auth_basic          off;
        include includes/proxy.conf;
    }
    auth_basic                  &quot;Restricted&quot;;
    auth_basic_user_file        /path/to/htpasswd;
    include includes/proxy.conf;
}

}

Note that proxy.conf contains the proxy conf

Enable basic auth sitewide and disabling it for subpages?

4 Answers4

Config file

Creating your htpasswd/passwd file

Nginx location

Linked