Explanation:
I'm trying to configure my NGINX project as an extensionless (PHP) project. It seems to work fine, except when I use basic authentication with an exception for a specific folder.
My project has an API folder which requires the extensionless settings. I'm retrieving my API files in a PHP file_get_contents function (it's a very basic API and meant for local use only). The project has basic authentication, but (because of file_get_contents) I want to create an exception for the API folder. Therefore I have added the following lines to the API folder location:
    location ~ ^/api/ {
        auth_basic "off";
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
However, due to this location, the files in that folder are being downloaded instead of executed. If I remove this location, the file will be executed fine (except for the file_get_contents function, which returns a 401).
Problem:
file_get_contents returns a 401 because of the authentication. file_get_contents should return a 200 for all files in the /api/ folder.
Desired result:
The API folder can be accessed without the .htpasswd configuration (authentication). The rest of the project requires a .htpasswd. The API folder itself may not be accessed by any external IP. I believe this is the solution for my problem.
Code:
I am using DirectAdmin to customize the NGINX configuration. This is my full (customized) NGINX config:
    location ~ ^/api/ {
        auth_basic "off";
        allow 127.0.0.1;
        allow ::1;
        deny all;
        try_files $uri $uri.html $uri/ @extensionless-php;
    }
    location / {
        auth_basic $authentication;
        auth_basic_user_file /home/admin/domains/test.testsite.com/.htpasswd;
        try_files $uri $uri.html $uri/ @extensionless-php;
    }
    location ~ /\.ht {
        deny all;
    }
    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }
    geo $authentication {
        default "Authentication required";
        127.0.0.1/8 "off";
        ::1/128 "off";
        my.home.ip "off";
    }
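
One way to keep PHP execution inside the unauthenticated /api/ block, added here as an example and not part of the original post: nginx handles a request in exactly one location, so when a regex location such as `~ ^/api/` is the first regex to match the rewritten `/api/....php` URI and contains no PHP handler, the file is sent as a static download. The nested handler's directives are assumptions, because the post does not show how the server passes PHP to FastCGI, and the socket path is a placeholder.

```nginx
# Added example; the socket path is a placeholder, not a value from the post.
# "^~" makes this a prefix location: server-level regex locations are not
# consulted for /api/ requests, so handling is decided entirely in here.
location ^~ /api/ {
    auth_basic off;          # inherited by the nested location below
    allow 127.0.0.1;         # access rules are inherited as well
    allow ::1;
    deny all;

    try_files $uri $uri.html $uri/ @extensionless-php;

    # After @extensionless-php rewrites /api/foo to /api/foo.php, the new
    # location search ends here and the script is executed, not downloaded.
    location ~ \.php$ {
        try_files $uri =404;                      # never hand a missing script to PHP
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/path/to/php-fpm.sock;  # PLACEHOLDER: the server's own PHP-FPM socket
    }
}
```

The `allow` lines only match when the request really arrives from loopback; a `file_get_contents` call to the site's public hostname normally arrives from the server's public address unless that name resolves to 127.0.0.1 or ::1 on the server. Checking the client address logged for those requests in the access log shows which case applies.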