I've set up a test VirtualBox/Debian Wheezy 7.1 machine with a bare net-install machine + nginx + php-fpm.
I've got SSL, PHP, basic_auth and allow/deny to work on a server level.
However, if I want the auth stuff to be for one path only, the auth works, but the PHP stuff does not (the index.php gets downloaded in the web browser).
I know it has something to do with how nginx matches location directives, but I'm not sure what it is...
Here is my config file:
server {
    listen 80;
    server_name www.test.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}

# HTTPS server
server {
    listen 443;
    server_name www.test.com;
    root /srv/vhosts/www.test.com/html;
    index index.php;

    ssl on;
    ssl_certificate /etc/nginx/certs/STAR.test.com.crt;
    ssl_certificate_key /etc/nginx/certs/STAR.test.com.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    location ^~ /testdir/ {
        auth_basic "gib login";
        auth_basic_user_file /etc/nginx/htpasswd/www.test.com.htpasswd;
        allow 192.168.1.3; # my workstation ip
        deny all;
    }
}
Edit: Look at first comment, thanks!
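Why the posted config behaves this way, as an added example that is not part of the original post: a simplified Python model of nginx's location selection, run over the four locations from the HTTPS server block. The handler labels, function names and the "without ^~" variant are constructed for illustration; nesting and named locations are not modelled.

```python
import re

# Locations from the posted config: (modifier, pattern, constructed label of what the block does)
POSTED = [
    ("",   "/",         "static"),
    ("~",  r"\.php$",   "php-fpm, no auth"),
    ("~",  r"/\.ht",    "deny all"),
    ("^~", "/testdir/", "auth + allow/deny, static"),
]

def pick_location(uri, locations):
    """Simplified nginx location selection (flat server block only)."""
    # 1. An exact '=' match wins immediately.
    for mod, pat, _ in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat, _ in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # 3. '^~' on the longest prefix suppresses the regex search entirely.
    if best and best[0] == "^~":
        return best
    # 4. Otherwise the first matching regex, in config order, beats the prefix.
    for mod, pat, _ in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best

def handler(uri, locations):
    """Return the label of the block that would serve this URI."""
    chosen = pick_location(uri, locations)
    return next(what for mod, pat, what in locations if (mod, pat) == chosen)

# Variant: the same config with '^~' dropped from the /testdir/ block.
WITHOUT_CARET = [(("" if p == "/testdir/" else m), p, w) for m, p, w in POSTED]

if __name__ == "__main__":
    for name, locs in (("posted", POSTED), ("without ^~", WITHOUT_CARET)):
        for uri in ("/index.php", "/testdir/index.php", "/testdir/.htaccess"):
            print(f"{name:11} {uri:22} -> {handler(uri, locs)}")
```

The model shows both failure modes: with `^~` the request for `/testdir/index.php` never reaches the PHP block and is served as a static file, and simply dropping `^~` sends it to the PHP block, which carries no `auth_basic` or `allow`/`deny`. Nesting a `location ~ \.php$` block with the fastcgi directives inside the `/testdir/` location avoids both, because nested locations are still evaluated inside a `^~` match and inherit its access restrictions.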