Question nginx reverse proxy and password protected directory

[CoffeeLover]

Server operating system version

Ubuntu 22.04

Plesk version and microupdate number

18.0.64 Update #1

Hey everyone,

I need some help with the following setup:

• a docker container running my API
• a website which is public
• a 2nd website which is protected with password (via Protected Directories)

On the public website I set up following additional rule for nginx:

location /api/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://172.17.0.2:8080;
}

This redirects all my calls to "api" to my docker container. This is working perfectly fine. But the same setup on my password protected website is not working. As soon as I turn on the password protection I get 404 or 403 for my API calls.

Can anyone direct me in the right direction how to setup something like that (without having to write my own auth)?

 

[CoffeeLover]

Ok I guess I found the solution for my problem. Posting it here in case someone else will have similar problems.

I needed ^~ right before /api/. But that is not enough. Then the API is not password protected anymore. The protection is back with the lines auth_basic and auth_basic_user_file.

location ^~ /api/ {
    auth_basic "Root";
    auth_basic_user_file "/var/www/vhosts/system/<domain>/pd/d..httpdocs";

    proxy_hide_header upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://172.17.0.2:8080/;
}

 

[Raul A.]

Totally makes sense: Nginx location priority