Nginx serve static content behind authenticated page - nginx

I have created a directory call library, that requires authentication to access. Upon completing authentication I would like to list all files in library for the user. I have tried autoindex to no avail, and most material I am finding doesn't cover whether or not the authentication will affect anything.
Would appreciate any help, thanks.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then as
# directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location include
# /etc/nginx/naxsi.rules
}
location /website {
}
location /library {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}

Your location /library block will impose the requirement of basic authentication and serve the same static files in /usr/share/nginx/html/library to all users who can successfully authenticate. In short, all users who successfully auth will see the same files in your current config.
To serve different static files to different users, consider that Basic authentication will set the $remote_user variable (see docs) which you can utilise to make your configuration dynamic.
For instance, if you wanted to serve a different folder for each user ID (at the same /library URL), you'd use a block like:
location /library {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
alias /usr/share/nginx/html/$remote_user/;
}
assuming your folders are named with the ID of your users and located at that path.
If a user fails the basic auth, they'll be shown a 403 Forbidden error, which you can handle using the error_page directive to show something more useful than just a basic error. Likewise, if a user can successfully auth and a corresponding folder doesn't exist, they'll see a 404, which you could again handle with an error_page directive.

Related

NGINX access logs from Single Page Application (SPA) and CMS

We have a frontend Angular app of Single Page Application and CMS design, where which is hosted in a docker container based on NGINX. The config is simply as below.
The problem is that the access log only writes logs when the whole page is refreshed and not in each user action (ie click different elements of the page).
We want to be able to log every user action, not only when the page is opened or refreshed.
We are not sure if the problem is the SPA or CMS design.
This works as expected with other pages that are designed differently.
events{}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ $uri.html /index.html;
}
}
}

How to correct my nginx configuration if it is wrong?

I am new to nginx. I try to learn using search www and stackoverflow. Mostly I get help to understand how to build my nginx configuration.
I have my domain as www.mysite.com. Everything; landing page, the error and server error must be redirect to default index.html. I also define my access and error log. All this done (below code) inside the /etc/nginx/conf.d/default.conf.
I need to redirect (proxy_pass) /admin, /user and anything related to them. Example the /admin has also different folder like /admin/login/. I need to everything after /admin must be redirected. The same goes also for the /user as well.
1) Looking at my code am I redirect the location /admin and location /user correctly?
2) I also use try_files $uri $uri/ =404; in redirection. which also redirects the 404 to default index.html. Am I doing right?
3) I am also denying access to some file and folder. Am I doing right?
My main question is How to correct my nginx configuration if it is wrong? So to understand the correct nginx configuration I divide my question to 3 different question above. I hope I didnt brake stackoverflow how to ask question guidelines.
Thank you.
UPDATE:
server {
charset UTF-8;
listen 80;
listen [::]:80;
server_name www.mysite.com;
access_log /var/log/nginx/host.access.log main;
error_log /var/log/nginx/host.error.log main;
# define a root location variable and assign a value
set $rootLocation /usr/share/nginx/html;
# define www.mysite.com landing page to the static index.html page
location / {
root rootLocation;
index index.html index.htm;
}
# define error page to the static index.html page
error_page 404 /index.html;
location = /index.html {
root rootLocation;
internal;
}
# redirect server error pages to the static index.html page
error_page 500 502 503 504 /index.html;
location = /index.html {
root rootLocation;
internal;
}
# redirect www.mysite.com/admin to localhost
# /admin or /admin/ or /admin/**** must be redirect to localhost
location /admin {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:3000";
}
# redirect www.mysite.com/user to localhost
# /user or /user/ or /user/**** must be redirect to localhost
location /user {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:3001";
}
}
It is usual to place the root statement once in the server block, rather than repeat the same value in multiple location blocks.
You are using proxy_pass to change the URI before passing it upstream. In this case, the location value and the URI part of the proxy_pass value should either both end with / or neither end with /. See this document for details.
Usually you do not want to place try_files and proxy_pass in the same location. This causes Nginx to check for the existence of the file in its document root before allowing the request to pass upstream.
You should not need to deny access to the configuration files, as these file should not be within the document root in the first place.

Nginx configuration for displaying contents in home directory

The requirement is to display contents in local user's home directory when you enter /~user.
www.blahblahblah.com/~user
I've created a local user with home directory and configured Nginx like that:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm test.html;
# Make site accessible from http://localhost/
server_name localhost;
location ~* /\~(.*)/$ {
root /home/$1/;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
But I still got 404 not found error.
The problem is that the root and the URI are concatenated to obtain the request filename, so you are asking nginx to deliver root /home/user/~user/.
The solution is to use a rewrite ... break to sanitise the URI. You can extend the regular expression to capture both elements and then use the named captures in a root and a rewrite ... break statement:
location ~* /\~(?<username>\w+)(?<userpath>/.*)$ {
root /home/$username;
rewrite ^ $userpath break;
}

nginx Redirect subfolder to root domain

I want to redirect the subfolder and all contents to root domain.
For example:
http://www.example.com/ubb/ will redirect to http://www.example.com
My server configuration is like below:
server {
listen 80 default_server;
root /home/vishant/devcenter/wava-v1.1/HTML;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name baetter.l;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
#proxy_pass "http://127.0.0.1:3000";
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
i have found similar problem solved using htaccess here
But how can i achieve in nginx??
One of a number of solutions is:
location ^~ /ubb/ {
return 302 /;
}
The ^~ modifier ensures that this prefix location continues to take precedence if you were to add any regex locations in the future. See this document for details.
The return directive is documented here.

routing subdomain to subdirectory on nginx

Please help as explicitly as possible. I have set up a domain on a home server running nginx on Ubuntu 15, and I have the dns pointed to it. I can use the domain to access the site and if I append /subdirectory to it, I am able to launch the pages inside the subdirectories. What I am trying to do is get the subdomains to go directly to the correct root. Ie: mysite.com = /index.htm, subdomain.mysite.com = ./subdirectory where files are located.
I have tried every suggestion including those popular and those criticized, and either I get an error restarting Nginx or I get a "server not found" error. I´ve tried setting up cname aliases with my DNS server, and that doesn´t work either.
The working config file is below:
##
server {
server_name "~^(?<sub>.+)\.domain\.tld$";
index index.php index.html index.htm;
root //media/user/ednet/$sub;
ssl_certificate REMOVED FOR SECURITY
ssl_certificate_key REMOVED FOR SECURITYY
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!Anull:!md5;
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# root //media/user/ednet;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
#=========================Locations=============================
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# root /usr/share/nginx/html;
}
#============================================================PHP=========================================================
location ~ \.php$ {
try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php) (/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
====================
I´ve tried proxies, redirects, and everything else I can think of--including reading the instructions in the Nginx manual and the wiki.
Thanks
A quick "server not found" by the browser suggests that DNS is not set up. Your subdomains need to resolve to your server's public IP address using either:
specific CNAME record pointing to the main domain specific A record
pointing to the server's IP address wild (catch-all) A record
pointing to the server's IP address
Changes to DNS can take many hours to propagate.
An error restarting nginx suggests a syntax error in the configuration file.
Your configuration file contains no obvious syntax errors, but there are a few strange elements:
root directive appears twice
index directive appears twice
root directive has two leading // where usually one will do
You have IPv4 and IPv6 configured which is fine if you have an IPv6 connection.
You have this server marked as a default_server which means that it will be used even if the server_name regex does not match. Therefore, if you present to the server with a subdomain that returns files from the root, this implies that the regex failed to match but the server block was used by default. In which case, check the regex.
In summary, the first priority is to fix the DNS. Nothing will work unless the subdomains resolve to the IP address of the server.

Resources