 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
3 messages in ru.sysoev.nginxRe: Is authentication not supported o...| From | Sent On | Attachments |
|---|---|---|
| Wayne E. Seguin | Mar 2, 2007 11:14 am | |
| Wayne E. Seguin | Mar 3, 2007 4:42 am | |
| Igor Sysoev | Mar 4, 2007 11:52 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: Is authentication not supported over https? | Actions... |
|---|---|---|
| From: | Igor Sysoev (is-G...@public.gmane.org) | |
| Date: | Mar 4, 2007 11:52:33 am | |
| List: | ru.sysoev.nginx | |
On Sat, Mar 03, 2007 at 07:43:12AM -0500, Wayne E. Seguin wrote:
On Mar 02, 2007, at 14:14 , Wayne E. Seguin wrote:
New issue, I can't seem to use the basic authentication with https. Is authentication not supported over https?
I figured out how to get it working, it still doesn't make sense to me though.
What I did to get it working was move the auth lines into the server/ section from the location/ section contained within.
Even though the documentation http://wiki.codemongers.com/NginxHttpAuthBasicModule#auth_basic specifically states that context may be "context: http, server, location, limit_except".
My best guess as to why this move worked is something to the tune of: The auth was literally ONLY applying to / and once the location went away from / it no longer worked... but that's only a half-baked idea.
If you have two locations:
location / { }
location /some/ { }
and request is "/some/uri", then it will be handled using the location "/some/" configuration. See the location handling order here http://wiki.codemongers.com/NginxHttpCoreModule#location
When you set up the auth directives at server level, then they are inherited to all locations (unless you set "auth_basic off" in some locations).
Thanks! ~Wayne
For your reference, the working sections are below:
http { ... server { # port to listen on. Can also be set to an IP:PORT listen 443;
ssl on; ssl_certificate /etc/nginx/ssl/blog.jentryx.com.crt; ssl_certificate_key /etc/nginx/ssl/blog.jentryx.com.key; #keepalive_timeout 70;
# Set the max size for file uploads to 50Mb client_max_body_size 50M;
# sets the domain[s] that this vhost server requests for server_name blog.jentryx.com;
auth_basic "Restricted"; auth_basic_user_file /etc/nginx/users;
# doc root root /home/jentryx_blog/current/public;
# vhost specific access log access_log /var/log/nginx.vhost.access.log main;
# this rewrites all the requests to the maintenance.html # page if it exists in the doc root. This is for capistrano's # disable web task if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html last; break; }
location / {
# needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr;
# needed for HTTPS proxy_set_header X_FORWARDED_PROTO https;
# needed for HTTPS proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect false; proxy_max_temp_file_size 0;
... } ... } }
-- Igor Sysoev http://sysoev.ru/en/