
In my nginx configuration file I have successfully created HTTP Authentication for the whole website while it's under development.

root /var/www/staging/;
# When these two directives sit at server (or http) level, every location that
# does not set auth_basic itself inherits them.
# The password file lives under /etc/nginx/, outside the document root above,
# so it is not reachable as a URL of the site.
auth_basic "Restricted website - authorised access only";
auth_basic_user_file /etc/nginx/.htpasswd;

I'm wondering if I can do two things.

Firstly, can I set it up so that the whole website is restricted except for one particular file in the root called heartbeat.php, i.e. /var/www/staging/heartbeat.php?

Secondly, can I restrict access to a specific path only, i.e. www.our-magento.com/admin?

UPDATE: Below is my configuration file

# Staging virtual host for a Magento site, as posted in the question.
# NOTE(review): check every edit with `nginx -t`; the notes below mark lines
# nginx is expected to reject and lines that do not give the intended protection.
server {
    # Listen on port 80 as well as port 443 for SSL connections.
    # NOTE(review): only the plain-HTTP listener is active. Basic
    # authentication sends the credentials merely base64-encoded, so over
    # port 80 they cross the network unencrypted.
    listen 80;
    #listen 443 default ssl;

    server_name localhost;

    # Specify path to your SSL certificates.
   #ssl_certificate /etc/nginx/certificates/yourcertificate.crt;
    #ssl_certificate_key /etc/nginx/certificates/yourcertificate.key;

    # Path to the files in which you wish to
    # store your access and error logs.
    #access_log /path/to/your/logs/access_log;
    #error_log /path/to/your/logs/error_log;

    # If the site is accessed via mydomain.com
    # automatically redirect to www.magento.localhost.com.
    #if ($host = 'staging' ) {
        #rewrite ^/(.*)$ http://www.staging/$1permanent;
   #}

    root /var/www/staging/;
    # NOTE(review): try_files takes at least two parameters (one or more paths
    # to test plus a final fallback such as =404), so nginx is expected to
    # reject this line. This exact-match location also has no fastcgi_pass, so
    # heartbeat.php would be returned as a static file (its source) rather
    # than executed.
    location = /heartbeat.php {
        try_files $uri;
    }
    # NOTE(review): no auth_basic is set here or at server level, so requests
    # that finish in this location are served without a password prompt.
    location /admin/ {
        try_files $uri $uri/;
    }
    # NOTE(review): auth declared inside "location /" applies only to requests
    # that finish in this location. The regex locations further down (css/js,
    # static files, .php) are selected ahead of a prefix match and set no
    # auth_basic. Declaring the two directives at server level, with
    # "auth_basic off;" in the exempt location, covers them all.
    location / {
        auth_basic "Restricted website - authorised access only";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    # NOTE(review): second "location /" in the same server block; nginx reports
    # a duplicate location and refuses the configuration.
    location / {
        index index.html index.htm index.php;
        try_files $uri $uri/ @handler;
    }

    #include hhvm.conf;  # INCLUDE HHVM HERE

    # Deny access to specific directories no one
    # in particular needs access to anyways.
    # NOTE(review): these are plain prefix locations. A URI that also matches
    # one of the regex locations below (for example a .php, .pdf or .zip path
    # under /var/ or /media/downloadable/) is handled by that regex location,
    # and the deny is skipped. The "^~" modifier (location ^~ /app/ { ... })
    # stops nginx from checking regex locations for these prefixes.
    location /app/ { deny all; }
    location /includes/ { deny all; }
    location /lib/ { deny all; }
    location /media/downloadable/ { deny all; }
    location /pkginfo/ { deny all; }
    location /report/config.xml { deny all; }
    location /var/ { deny all; }

    # Allow only those who have a login name and password
    # to view the export folder. Refer to /etc/nginx/htpassword.
    #location /var/export/ {
    #    auth_basic "Restricted";
    #    auth_basic_user_file htpasswd;
    #    autoindex on;
    #}

    # Deny all attempts to access hidden files
    # such as .htaccess, .htpasswd, etc...
    # Regex locations are tested in the order they appear in the file; this is
    # the first one, so it wins over the regex locations below.
    location ~ /\. {
         deny all;
         access_log off;
         log_not_found off;
   }

    # This redirect is added so to use Magento's
    # common front handler when handling incoming URLs.
    location @handler {
        rewrite / /index.php;
    }

    # Forward paths such as /js/index.php/x.js
    # to their relevant handler.
    # NOTE(review): the dot before "php" is unescaped here and in the rewrite
    # pattern, so it matches any character; "\.php" is the precise form.
    location ~ .php/ {
        rewrite ^(.*.php)/ $1 last;
    }

    ##
    # Rewrite for versioned CSS+JS via filemtime
    ##
    location ~* ^.+\.(css|js)$ {
        rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }
    ##
    # Aggressive caching for static files
    # If you alter static files often, please use
    # add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    ##
    location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }

       # Handle the execution of .php files.
    # NOTE(review): the dot in ".php$" is unescaped; "\.php$" is the precise form.
    location ~ .php$ {
        # Send requests for PHP files that do not exist to the front controller.
        if (!-e $request_filename) {
            rewrite / /index.php last;
        }
        expires off;

        # --PHP5-FPM CONFIG START (keep fastcgi_param HTTPS OFF)--
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        ##fastcgi_param HTTPS $fastcgi_https;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # --PHP5-FPM CONFIG END--

        # --HHVM CONFIG START--
        # The script is handed to the FastCGI backend listening on 127.0.0.1:9000.
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
        try_files $uri $uri/ @handler; 
        # --HHVM CONFIG END--

        fastcgi_param MAGE_RUN_CODE default;
        fastcgi_param MAGE_RUN_TYPE store;
        # NOTE(review): fastcgi_params is already included a few lines above;
        # this second include looks redundant.
        include fastcgi_params;
    }
}
MadHatter
Holly
  • Mouse over the down arrow; the popup says "*This question does not show any research effort; it is unclear or not useful*". Downvotes without comment may be presumed to be for at least one of those reasons. – MadHatter Aug 27 '15 at 11:12

1 Answer


Yes, you can achieve this. You need to have 3 separate blocks for heartbeat.php, /admin/ & /

Like below

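root /var/www/staging/;

# Ask for a password everywhere by default. Declared at server level, the two
# directives are inherited by every location, including regex locations
# (static files, "\.php$") that nginx selects ahead of a plain "location /".
# One server-level declaration is used instead of a dedicated "location /"
# block, which would also clash with a "location /" the site already defines.
auth_basic "Restricted website - authorised access only";
auth_basic_user_file /etc/nginx/.htpasswd;

# The single unauthenticated endpoint. "=" is an exact match and is chosen
# before any prefix or regex location.
location = /heartbeat.php {
    auth_basic off;
    # try_files needs a fallback as its last parameter; a lone "$uri" is
    # rejected when the configuration is tested.
    try_files $uri =404;
    # Requests matched here never reach the site's generic PHP location, so the
    # script has to be handed to the PHP backend in this block. Without these
    # lines nginx returns the file's source as static content.
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass 127.0.0.1:9000;  # use the same backend as the site's PHP location
}

# /admin/ gets no block of its own: it inherits the prompt like every other
# path. A "location /admin/" without auth_basic would leave the admin area
# open while the rest of the site is protected.
#
# Protecting only /admin/ and leaving the rest public is a different layout:
# drop the server-level auth_basic lines and set them inside the admin
# location. Auth set in a prefix location is not applied when the request ends
# up in another location (a regex match, or an internal rewrite to /index.php),
# so test that layout against the application's real routing.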

Hope this helps.

serverliving.com
  • thanks but it didn't work for me, still getting prompted for HTTP auth after making those changes & restarting nginx. I've updated my question with my config file – Holly Aug 27 '15 at 11:06