ubuntu nginx debian-based

Exclude one directory from Nginx password authentication


I have set up my Nginx server to have authentication for everything, but I want to exclude all the files under /var/www/html/t/sms/plivo from password authentication. I have tried using different paths but it always asks for a password when I try to access a file under /var/www/html/t/sms/plivo from my browser.

Below is my /etc/nginx/sites-available/default file

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        auth_basic "Private Property";
        auth_basic_user_file /etc/nginx/.htpasswd;

        #no password for the plivo folder so we can receive messages!
        location = /t/sms/plivo/ {
                auth_basic off;
                allow all; # Allow all to see content
        }

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}

Solution

  • The location = syntax matches one URI and not all of the URIs under it. Also, you should use the ^~ modifier to prevent the regular expression location blocks from interfering. See this document for the rules regarding the evaluation order for location blocks.

    If you have any PHP files under /t/sms/plivo/ you will need to add a nested location block to handle those.

    For example:

    location ^~ /t/sms/plivo/ {
        auth_basic off;
        allow all; # Allow all to see content
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }
    

    That location ~ \.php$ block is in addition to the block already in your configuration with the same name. And, you probably do not need the allow all statement, unless you have some deny rules that I cannot see.
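
Added example, not part of the original question or answer: a simplified Python model of nginx's location selection order (exact match, longest prefix, `^~`, then regexes in file order), run over the question's configuration and the answer's fix. The request paths `hook.php` and `notes.txt` are hypothetical file names, and nested locations are modelled for regexes only.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Loc:
    mod: str                     # "=", "^~", "~" or "" (plain prefix)
    pat: str
    auth: Optional[bool] = None  # None = inherit; False = "auth_basic off"
    deny: bool = False           # True = "deny all"
    nested: list = field(default_factory=list)  # nested regex locations only

def select(locs, uri):
    """Simplified model of nginx location selection for one request URI."""
    for loc in locs:                              # 1. exact match wins outright
        if loc.mod == "=" and uri == loc.pat:
            return [loc]
    prefixes = [l for l in locs if l.mod in ("", "^~") and uri.startswith(l.pat)]
    best = max(prefixes, key=lambda l: len(l.pat), default=None)  # 2. longest prefix
    if best:
        for inner in best.nested:                 # nested regexes are tried first
            if re.search(inner.pat, uri):
                return [best, inner]
        if best.mod == "^~":                      # 3. ^~ skips server-level regexes
            return [best]
    for loc in locs:                              # 4. first matching regex, in file order
        if loc.mod == "~" and re.search(loc.pat, uri):
            return [loc]
    return [best] if best else []                 # 5. fall back to the longest prefix

def evaluate(locs, uri):
    """Return (selected location, password required?, denied?)."""
    chain, auth = select(locs, uri), True         # server-level auth_basic is on
    for loc in chain:
        auth = loc.auth if loc.auth is not None else auth
    label = " > ".join(f"{l.mod} {l.pat}".strip() for l in chain)
    return label, auth, any(l.deny for l in chain)

PHP, HT = Loc("~", r"\.php$"), Loc("~", r"/\.ht", deny=True)
ORIGINAL = [Loc("=", "/t/sms/plivo/", auth=False), Loc("", "/"), PHP, HT]
FIXED = [Loc("^~", "/t/sms/plivo/", auth=False, nested=[Loc("~", r"\.php$")]),
         Loc("", "/"), PHP, HT]

if __name__ == "__main__":
    # Constructed request paths; hook.php and notes.txt are hypothetical file names.
    for uri in ("/t/sms/plivo/", "/t/sms/plivo/hook.php", "/t/sms/plivo/notes.txt",
                "/t/sms/plivo/.htaccess", "/index.php"):
        print(uri, evaluate(ORIGINAL, uri), evaluate(FIXED, uri))
```

The model also shows a side effect of `^~`: a request for `/t/sms/plivo/.htaccess` no longer reaches the server-level `location ~ /\.ht` block, so its `deny all` does not apply inside the excluded directory unless a matching nested block is added there.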