Authentication with specific subdomains

authentication nginx subdomain

Basically I'm trying to enable the authentication module when accessing to a specific part of a subdomain, which are dev.domain.com and pma.domain.com, they both must have the authentication module loaded. I can't seem to figure why my nginx configuration file isn't working.

In the second server block you can see the pma and dev with the authentication module, when I access to pma.domain.com or dev.domain.com, I don't see the authentication module showing from my browser, nor any error logs stored.

Anyway, I just need a fix to enable the authentication on them two subdomains, not an entire rewrite of my nginx configuration file.

server {

    server_name domain.com;

    root            /var/www/domain.com/www;
    index           index.php index.htm index.html;
    error_page      404 /404.html;
    error_page      500 502 503 504  /50x.html;

    access_log      /var/www/domain.com/logs/access.log;
    error_log       /var/www/domain.com/logs/errors.log;

    error_page 404  /index.php;

    location ~ \.php$ 
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/domain.com/www$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {

    server_name ~^(.+)\.domain\.com$;

    set $file_path $1;

    root            /var/www/domain.com/www/$file_path;
    index           index.html index.php;

    access_log      /var/www/domain.com/logs/access.log;
    error_log       /var/www/domain.com/logs/errors.log;

    location /
    {
        try_files $uri /$uri /index.php?$args;
    }

    location ~ pma
    {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
    }

    location ~ dev
    {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
    }

    location ~ \.php$ 
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/domain.com/www$fastcgi_script_name;
        include fastcgi_params;
    }
}

Anyone?


However, you need to split this two domains in separate server blocks and leave wildcard substitution for others, or try to use workaround below.

1. "location" directive works with URI only, not with host header

2. And if you try to do something like

if ($host ~ "(dev|pma).example.com" ) {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
}

then you will get a

error nginx: [emerg] "auth_basic" directive is not allowed here in.....

because auth_basic directive is unconditional

workaround (not well tested):

    if ($host ~ "(dev|pma).example.com" ) {
        return 555;
    }

    error_page 555 = @auth;

    location @auth {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
        try_files $uri /$uri /index.php?$args;
    }

A way simpler solution is either use map

map $http_host $auth_type {
    default "off";
    example.domain.tld "Restricted";
}

server {
    auth_basic $auth_type;
}

Or

As of nginx 1.5.4+ the auth module:

http://nginx.org/en/docs/http/ngx_http_auth_request_module.html

Related

How does the Task Scheduler save passwords on Windows 7?
IPv6: Can one use more than 64 bits for the network ID
FreeBSD 9 - default file system?
Physical to Virtual on same hardware?
Loopback interface on Linux catches all loopback traffic
Huge amounts of "multiply-claimed blocks" during fsck
ec2: assign cname to elastic ip
How do I prevent remote acces to MySQL?
Why Wireshark does not recognize this HTTP response?
Removing messages from a postfix queue based on message body content
What does "non-IP" originated traffic mean in a TOS?
understanding vlan