问题
Im running nginx on centos 6. The domain is configured to use ssl. Some specific folders need to be password protected. If I type the url with http the basic the browsers asks to enter user and pass. If I type the same url with https then the index file of the specific folder will be shown without asking for user pass.
I have this in my domain specific nginx.conf file:
location /protected_folder {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
How can I make sure that the both urls using http and https are password protected?
回答1:
I saw that nginx has two config files in the same directory: nxingx.conf and snginx.conf. I simply had to update snginx.conf with the same auth rules and it all worked.
回答2:
You need to put your restricted configuration in 80 and 443 ports :
/etc/nginx/sites-available/MY_VHOST
server
{
listen 80;
server_name YOUR.FQDN;
.....other config of vhost.....
location /protected_folder {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
server
{
listen 443;
server_name YOUR.FQDN;
.....other config of vhost.....
location /protected_folder {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
or you can redirect the http request to https :
server
{
listen 80;
server_name YOUR.FQDN;
return 301 https://YOUR.FQDN$request_uri;
}
server
{
listen 443;
server_name YOUR.FQDN;
.....other config of vhost.....
location /protected_folder {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
来源:https://stackoverflow.com/questions/40189919/nginx-basic-auth-working-on-http-but-not-on-https