Thank you, forwarded to developers here.
location ~ "^/protdir/" {
auth_basic "Test";
auth_basic_user_file "/var/www/vhosts/system/example.com/pd/d..httpdocs@protdir";
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}
proxy_pass https://127.0.0.1:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
That inner "location ~ ^/(.*\.(ac3|avi|..." block is for serving static files from protected directories. It's not at fault here.- the second location block in the following location directive was not a good idea and is the root of all evil here:
Not sure what "other location block", but the location block "location ~ "^/" {" in your example is already protected. If the request matches it, nginx will ask for authentication.- just remove the other location block and put the auth_basic inside the inner block
It's not a mistake, that block is for static files in non-protected directories.- there is another location directive for the static files at the end of the server config block (maybe copy and paste mistake, needs to be removed too)
location / {
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ "^/test/" {
auth_basic "Please login first...";
auth_basic_user_file "/var/www/vhosts/system/example.com/pd/d..httpdocs@test";
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|w
off|woff2|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}
}
location @fallback {
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff
2|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}
# Serve static files directly by nginx is enabled AND
# password protection is not on the root level
location ~* ^/test/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|w
off|woff2|xls|xlsx|zip|webp))$ {
auth_basic "Please login first...";
auth_basic_user_file "/var/www/vhosts/system/example.com/pd/d..httpdocs@test";
try_files $uri @fallback;
}
# Serve static files directly by nginx is enabled AND
# password protection is not on the root level OR there is no password protection at all
location ~* ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff
2|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}
location / {
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location @fallback {
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
Correct if the password protection is not on the root level as it was in my example. In my posting above I did clarify it. There is always space for optimization^^It's not a mistake, that block is for static files in non-protected directories.
location /
and it's weaker than location ~
.location /
I did not touch. It's the same syntax as before / current .59 release. If the location ~*
optimization is not possible yet, I will make an extra bug report. But now let's hope for a quick patch first.