Protect directory via DA with Nginx setup

jmdejongh

New member
Joined
Sep 24, 2013
Messages
1
Hi,

In DA users can protect directories (Basic HTTP Authentication) but with the new CB2 / Nginx setup it does not work.
Am I doing something wrong, have I overlooked a config setting?

As a workaround, I've used the following:
- manually create a .htpassdw file, and put it in de users home dir
- add a custom header in DA:
--------------------------------------------------------------------
auth_basic "Restricted";
auth_basic_user_file /home/|USER|/domains/|DOMAIN|/.htpasswd;
--------------------------------------------------------------------
- reload nginx

I really don't want to do that for every client that needs a pw protected a dir, I suppose this should work in DA.

maybe it is a bug, or I'am doing something wrong? :confused:

Any suggestions/solutions?

Thanks in advance!
 
BUMP: Still an issue; anyone find a solution?

I am running CB 2.0 with the system below, and am not able to use Directory Protection correctly. The problems are diverse, but I believe all related to NginX. I have run Apache and Litespeed for about a decade, but am new to Apache+NginX reverse proxy.

Problem 1: Can turn ON, but not OFF. .htaccess and related file get written correctly, but NginX doesn't seem to know.
Problem 2: While functioning .php files in protected directories are served as downloadable files, not read by browser.
Problem 3: After turning off in DirectAdmin, get NginX error.
Problem 4: After deleting all relevant files (.htaccess...), get 500 error.

Solution to get website functional (was protecting a WP admin area), was to turn off protection, delete files, rebuild CustomBuild ./build nginx_apache. Directory is not protected though, although was very protected before... :p

Can anyone confirm this issue? Is there a solution? I'd rather no have to rebuild apache+nginx every time I need to unprotect a directory. This was the closest thread to my issue so I'm bumping it.

Server:
Apache: 2.4.9
Nginx (reverse proxy): 1.6.0
mod_ruid2: 0.9.8
Dovecot: 2.2.13
AWstats: 7.3
Exim: 4.82.1
exim.conf update: yes
SpamAssassin: 3.4.0
ClamAV: no
MySQL: no
MySQL backup: yes
MySQL backup directory: /usr/local/directadmin/custombuild/mysql_backups
PHP (default): 5.5 as mod_php
PHP (additional): 5.3 as suphp
phpMyAdmin: 4.2.5-all-languages
ProFTPD: no
Pure-FTPd: 1.0.36
RoundCube webmail: 1.0.1
Replace "php.ini" with './build all' and './build php_ini': no
Cron for notifications and (or) updates: yes
Cron frequency: weekly
Auto notifications: yes
Auto notifications email address: [email protected]
Auto updates: yes
Run "clean" every time: yes
Run "clean_old_webapps" every time: yes
Run "clean_old_tarballs" every time: yes
Show texts in bold: yes
SquirrelMail: no
Zend Guard Loader: yes
ionCube loader: 4.6.1
Suhosin (with PHP upload scan script): 0.9.36

Local machines:
Linux with Firefox, Konquerer, Opera and others. Android.
 
I've duplicated the issue here.
Looks like we just need to embed the the "location ~ \.php$" section a 2nd time into the "location /protected" section.
Not terribly clean, but that's how it needs to work, as locations cannot overlap with nginx, but can be one within the other.
Just deciding if we want to create a nginx_php.conf to be "included" twice, to keep it cleaner, but causes a 2nd read for each nginx.conf, which might slow down restarts (which.. shouldn't matter as DA does a graceful reload)

John
 
I think it's all sorted out now.

Bugfix entry mentioned here:
https://www.directadmin.com/features.php?id=1621

Note that it required a full redo on how php is implemented in the user nginx.conf files.
A new per-User file:
nginx_php.conf

and new template have been created, and for all php areas, that data/users/nginx_php.conf is simply included.
This will actually shrink all of the nginx.conf files considerably, and may even speed up the reload (depending on nginx/OS caching)

You can test it out now by installing the pre-release binaries:
http://help.directadmin.com/item.php?id=408

John
 
Thanks for the Quick Fix

Hello John,

Thanks for the Quick Fix. I won't get a chance to test it on my system for a few days. I appreciate your speed though.
 
Back
Top