I'm trying to set up basic HTTP authentication with Nginx that's multi-layered. I'd like to have one username & password for the entire site except for a certain subdirectory (URL), and a separate username & password for that subdirectory. If somebody navigates to that subdirectory, I want them to be prompted for the subdirectory-specific credentials only, and not the ones for the site root.
How do I set this up?
Reference: http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
Assume the subdirectory url is http://www.example.com/admin/.
Step 1: create 2 files storing username/password (encrypted) pairs using htpasswd
# to secure the admin site
htpasswd -bc /tmp/admin_passwd.txt admin adminpassword
# to secure the main site
htpasswd -bc /tmp/site_passwd.txt user userpassword
Step 2: set up your nginx config:
server {
listen 80;
server_name www.example.com;
root /tmp/www;
location ^~ /admin/ {
auth_basic "secured site admin";
auth_basic_user_file /tmp/admin_passwd.txt;
}
location / {
auth_basic "secured site";
auth_basic_user_file /tmp/site_passwd.txt;
}
}