I'm using nginx (0.5.32) as a reverse proxy for Tomcat, and it's working spectacularly well. There are some admin pages I want to protect, initially just with Basic authentication, and I think I've set it up right, but what I'm seeing puzzles me. Below is a simplified version of my nginx.conf:

server { listen 80;

location / { include /etc/nginx/proxy.conf; } location /viewServers.htm { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/users; include /etc/nginx/proxy.conf; }

}

Normally everything is proxied to the backend Tomcat server. What I want now is for the /viewServers.htm page to be protected. It prompts for the username and password and when these have been entered correctly, it forwards the request, but evidently makes some change to it which I can't work out, as it turns up at Tomcat as if it is just / (i.e., without the viewServers.htm), even though it is displayed in the browser as /viewServers.htm (in the Tomcat access log, no such page is recorded). If I remove the whole location /viewServers.htm... block, I get a quite different (correct) page served.

Have I set this up right? What do I need to do to have basic authentication working for a certain set of requests which nginx is to forward to a back end server?