I know this can be done with Apache, however I've started using nginx and would like to know if this is possible, and if so, how I can implement it.
On my web server I have the directory /mcscreens which contains a number of images. The directory is indexed with h5ai. I would like to password protect the directory so I can visit /mcscreens, login and be able to browse all the images using h5ai. I would also however like to link people directly to specific images, without them having to authenticate.
Basically, I want to password protect the directory, but not individual files.
How can I do this?
edit: my full config, including rmalayter's example:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www;
index index.php index.html index.htm /mcscreens/_h5ai/server/php/index.php;
# Make site accessible from http://localhost/
server_name redacted;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
#location for the root folder listing with or without trailing slash
location ~ ^/(mcscreens|mcscreens/)$ {
auth_basic "Restricted";
auth_basic_user_file /var/www-assets/passwd;
}
#allow retrieval of any individual image via URL without auth
location ~ ^/mcscreens/* {
autoindex off;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
rmalayter's example works, however PHP files are downloaded as .bin files.