doutan3371
2016-12-14 14:37
浏览 44
已采纳

Nginx + Symfony。 除了子文件夹之外的基本身份验证

I have a symfony app under nginx server. I want to enable basic http auth but exclude everything inside the /api/ url request.

This is my current configuration for nginx:

server {
    listen 80;
    listen [::]:80;

    root /home/mysite/www/web;

    index app.php index.php index.html;

    server_name mysite.com;

    error_log  /home/mysite/logs/error.log  warn;
    access_log /home/mysite/logs/access.log;


    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }

    # PROD
    location ~ ^/app\.php(/|$) {
        include /etc/nginx/php-mysite.conf;

        # Protect access
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    location ~ ^/app\.php/api/(.*) {
        include /etc/nginx/php-mysite.conf;
        auth_basic "off";
    }

    location ~ /\.ht {
       deny all;
    }
}

In /etc/nginx/php-mysite.conf is the php-fpm configuration. It works well.

The problem is that it seems that every request is being handled by the the ^app.php(/|$) location directive. I am unable to configure it to disable the auth request when accessing /api/... urls.

I've spend several hours without success.

图片转代码服务由CSDN问答提供 功能建议

我在nginx服务器下有一个symfony应用程序。 我想启用基本的http auth,但是要排除/ api / url请求中的所有内容。

这是我目前的nginx配置:

  server {
 listen 80; 
 listen [::]:80; 
 
 root / home / mysite / www / web; 
 
 index app.php index.php index.html; 
 \  n server_name mysite.com; 
 
 error_log /home/mysite/logs/error.log warn; 
 access_log /home/mysite/logs/access.log;
nnnn location / {
#try 直接提供文件,回退到app.php 
 try_files $ uri /app.php$is_args$args; 
} 
 
#PROD 
 location~ ^ / app \ .php(/ | $){\  n include /etc/nginx/php-mysite.conf;
nn#Protect access 
 auth_basic“Restricted”; 
 auth_basic_user_file /etc/nginx/.htpasswd;
} 
 
 location~ ^ / app  \ .php / api /(.*){
 include /etc/nginx/php-mysite.conf;
 auth_basic“off”; 
} 
 
位置〜/\。ht {
拒绝所有 ; 
} 
} 
   
 
 

/etc/nginx/php-mysite.conf 中 php-fpm配置。 它运行良好。

问题是,似乎每个请求都由 ^ app.php(/ | $)位置指令处理。 我无法将其配置为在访问 / api /... urls时禁用身份验证请求。

我花了几个小时没有成功。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duankeye2342 2016-12-14 15:24
    已采纳

    Well, I don't like this solution, but it works. What I've done is to check the request_uri in the location directive, and if it starts with /api then I enable the auth basic. I would like to use two separate locations for this purpose instead of an if inside the location.

    This is the location directive, by default it is enabled and if the request matches ^/api/.*$ then the auth is set to off:

    # PROD
    location ~ ^/app\.php(/|$) {
        include /etc/nginx/php-mysite.conf;
    
        # Protect access
        set $auth "Restricted";
        if ($request_uri ~ ^/api/.*$){
            set $auth "off";
        }
    
        auth_basic $auth;
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    
    已采纳该答案
    打赏 评论

相关推荐 更多相似问题