Authentication with specific subdomains

Basically I'm trying to enable the authentication module when accessing to a specific part of a subdomain, which are dev.domain.com and pma.domain.com, they both must have the authentication module loaded. I can't seem to figure why my nginx configuration file isn't working.

In the second server block you can see the pma and dev with the authentication module, when I access to pma.domain.com or dev.domain.com, I don't see the authentication module showing from my browser, nor any error logs stored.

Anyway, I just need a fix to enable the authentication on them two subdomains, not an entire rewrite of my nginx configuration file.

server {

    server_name domain.com;

    root            /var/www/domain.com/www;
    index           index.php index.htm index.html;
    error_page      404 /404.html;
    error_page      500 502 503 504  /50x.html;

    access_log      /var/www/domain.com/logs/access.log;
    error_log       /var/www/domain.com/logs/errors.log;

    error_page 404  /index.php;

    location ~ \.php$ 
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/domain.com/www$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {

    server_name ~^(.+)\.domain\.com$;

    set $file_path $1;

    root            /var/www/domain.com/www/$file_path;
    index           index.html index.php;

    access_log      /var/www/domain.com/logs/access.log;
    error_log       /var/www/domain.com/logs/errors.log;

    location /
    {
        try_files $uri /$uri /index.php?$args;
    }

    location ~ pma
    {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
    }

    location ~ dev
    {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
    }

    location ~ \.php$ 
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/domain.com/www$fastcgi_script_name;
        include fastcgi_params;
    }
}

Anyone?


However, you need to split this two domains in separate server blocks and leave wildcard substitution for others, or try to use workaround below.

1. "location" directive works with URI only, not with host header

2. And if you try to do something like

if ($host ~ "(dev|pma).example.com" ) {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
}

then you will get a

error nginx: [emerg] "auth_basic" directive is not allowed here in.....

because auth_basic directive is unconditional

workaround (not well tested):

    if ($host ~ "(dev|pma).example.com" ) {
        return 555;
    }

    error_page 555 = @auth;

    location @auth {
        auth_basic            "Website development";
        auth_basic_user_file  /var/www/domain.com/www/dev/authfile;
        try_files $uri /$uri /index.php?$args;
    }

A way simpler solution is either use map

map $http_host $auth_type {
    default "off";
    example.domain.tld "Restricted";
}

server {
    auth_basic $auth_type;
}

Or

As of nginx 1.5.4+ the auth module:

http://nginx.org/en/docs/http/ngx_http_auth_request_module.html