0

Hope this is the right place to ask. I have Piwik setup and running on a Nginx webserver that I protected with HTTP basic authentication, as seen below.

location /analytics {
    alias /var/www/piwik/;
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/pass;
    try_files $uri $uri/ /index.php;
}

location ~ ^/analytics(.+\.php)$ {
    alias /var/www/piwik$1;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

This works great for protecting www.example.com/analytics. However, users are being prompted to login on each page, due to the fact that the Piwik tracking tag is on each page. In the official FAQ, that problem is addressed for Apache, but not Nginx.

If you use HTTP Authentication (Basic or Digest) on your Piwik files, you should exclude piwik.php and piwik.js from this authentication, or visitors on your website would be prompted with the authentication popup.

What kind of Nginx rule can I use to protect all files in that directory, besides those two? Is it possible to do a negative regex match on a location block? I've seen solutions for Apache using .htaccess, but nothing for Nginx. Other similar questions are here, here, and here.

Any help would be appreciated!

Community
  • 1
Logan M.
  • 11
  • 3

1 Answers1

0

How about this:

location = /analytics/piwik.php {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param /var/www/piwik/piwik.php;
}

location = /analytics/piwik.js {
    try_files $uri;
}

The = operator means that that these rules take first precedence. The problem with your current rules are that the location / rule is first in usage order. Using = changes that.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
  • Do I need to remove the two location blocks I have above? – Logan M. Jan 14 '15 at 16:10
  • I kept the two locations blocks above and added yours. Here is what I have that **does** let me log in at _/analytics_, but **does not** stop the login prompt on each page. `location = /analytics/piwik.php {fastcgi_pass unix:/var/run/php5-fpm.sock;}` `location = /analytics/piwik.js {try_files $uri piwik.js;}` My error.log file is still showing this `no user/password was provided for basic authentication, client: XX.XX.XX.XX, server: example.com, request: "GET /analytics/piwik.js/ HTTP/1.1"...` – Logan M. Jan 14 '15 at 16:21
  • Asked on Nginx forum and answered [here](http://forum.nginx.org/read.php?2,256585,256630#msg-256630). – Logan M. Aug 13 '15 at 19:24