
Removing Basic Auth for one uri


I have developed a Laravel app, deployed a staging version via Laravel Forge, and have put in place Basic Auth for all locations, which works fine. I need to remove Basic Auth from one location but am having a hard time doing this. According to the docs for Forge:

Nginx allows you to add further access restrictions such as allowing and
denying access to users by IP address. Forge does not provide the ability
to configure this, but you are free to customize your own protected site
configuration. Forge creates a
/etc/nginx/forge-config/.../server/protected_site-{ruleId}.conf
configuration file for protected sites. 

So Forge will create, in said file:

auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;

I was hoping to remove Basic Auth from one path by amending it as follows:

auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;

location /my-unrestricted-uri {
   auth_basic off;
}

When the nginx config file is put together it results in the following (I've truncated this but have hopefully included all the relevant parts):

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ...
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    ...
}

auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;

location /my-unrestricted-uri {
   auth_basic off;
}

With the config above, I still receive "401 - Authorization Required". How can I open up this one uri?

EDIT: After some tinkering, I think I've got a little further.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ...
    location / {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;
        try_files $uri $uri/ /index.php?$query_string;

        location = /my-unrestricted-uri {
            auth_basic off;
            try_files $uri $uri/ /index.php?$query_string;
        }
    }
    ...
}

#auth_basic "Restricted Area";
#auth_basic_user_file /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;

#location /my-unrestricted-uri {
#   auth_basic off;
#}

So I have moved the request for Basic Auth to the location block and used a sub-location to turn off basic auth. The route is now unprotected, which is what I want, but when accessing any other part of the site I am continually asked for auth credentials, so some kind of redirect loop is happening here.


Solution

  • I don't know what can be the cause of that loop but you can try to use a technique I just described in this answer using the $uri variable value:

    map $uri $realm {
        /my-unrestricted-uri  off;
        default               "Restricted Area";
    }
    auth_basic            $realm;
    auth_basic_user_file  /etc/nginx/forge-conf/staging.mysite.com/server/.htpasswd-21495;
    

    Please note that this configuration fragment should be placed outside the server block (in other words, at the http context).
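
A check to run after changing the config, added here as an example and not part of the original answer: it requests a small matrix of paths without credentials and fails if the exempted URI still returns 401 or if any other path stops returning 401. The function names and the `/login` path are constructed for illustration; the base URL is passed as an argument.

```bash
#!/usr/bin/env bash
# Added example: verify that only /my-unrestricted-uri skips Basic Auth.

# Print the HTTP status code of an unauthenticated GET of URL $1.
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# check_path BASE PATH EXPECT
#   EXPECT=protected -> passes only on 401
#   EXPECT=open      -> passes on any answer except 401 or no answer (000)
check_path() {
    local code
    code=$(http_status "$1$2") || code=000
    case "$3:$code" in
        protected:401) return 0 ;;
        open:401|open:000|protected:*) return 1 ;;
        open:*) return 0 ;;
    esac
    return 1
}

# Walk the matrix, print one line per path, return non-zero on any mismatch.
check_exemption() {
    local base failed path expect
    base=$1
    failed=0
    while read -r path expect; do
        if check_path "$base" "$path" "$expect"; then
            echo "ok    $expect  $path"
        else
            echo "FAIL  $expect  $path"
            failed=1
        fi
    done <<'EOF'
/my-unrestricted-uri open
/ protected
/login protected
/my-unrestricted-uri/extra protected
EOF
    return $failed
}

# Only touch the network when a base URL is given on the command line.
if [ -n "${1:-}" ]; then check_exemption "$1"; fi
```

A `protected` failure on `/` or `/login` means the exemption has widened beyond the one URI, which is the result to watch for when the `auth_basic` lines are moved between contexts.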