0

I've tried hard to understand NginX's logic in location order processing but it still is beyond me, and I suspect that's why I am getting the following issue.

I run a SugarCRM instance, which I have blocked off with basic auth. There are a few files such as ical_server.php which I want to turn off basic auth for, so the smartphones can easily reach this subscribed calendar which has its own token based security already.

I have this in my conf. But the ical_server.php is being downloaded as raw php, which suggests it's not reaching the fastcgi parser, even though the rest of the CRM works just fine. 

location /sugarcrm/ {
    auth_basic "Username and Password are required";
    auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
            location ~ _server.php$ {
                    auth_basic "off";
            }
            try_files $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_read_timeout 600;
            fastcgi_send_timeout 600;
            fastcgi_max_temp_file_size 0;
            fastcgi_buffer_size 56k;
            fastcgi_buffers 16 48k;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
    }
}

How can I achieve this selective switching off of auth basic?

JayMcTee
  • 3,763
  • 12
  • 20
  • `fastcgi_pass` is not inherited. Add it to inner location – Alexey Ten Apr 15 '15 at 13:27
  • Quite good expanation here http://blog.martinfjordvald.com/2012/08/understanding-the-nginx-configuration-inheritance-model/ – Alexey Ten Apr 15 '15 at 13:32
  • Yes, that does the trick, thank you very much. From what I had read, I was under the impression that my nested locations would somehow trigger Nginx to stop processing, hence not reaching the fastcgi part. But what you means now makes perfect sense. The reference is a great help too. Thanks! – JayMcTee Apr 15 '15 at 14:05

1 Answers1

0

As I cannot reward Alexey Ten with the correct answer through his comment, here is the working config:

    location /sugarcrm/ {
    auth_basic "Username and Password are required";
    auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
            location ~ _server.php$ {
                    auth_basic "off";
                    include /etc/nginx/conf.d/global/fastcgi.conf;
            }
            try_files $uri =404;
            include /etc/nginx/conf.d/global/fastcgi.conf;
    }
}

Because, as Alexey points out, the fastcgi doesn't get inherited, I have to put it in the _server.php$ location again. Through an include, it tidies things up nicely too. Now the php gets parsed nicely.

(The fact auth_basic is off on that file entirely is actually not intended, but that's being covered in another question. Just mentioning it in case someone finds this...)

Thanks again Alexey.

JayMcTee
  • 3,763
  • 12
  • 20