0

I'm developing a project using Symfony2 and Nginx.

The project is located on my subdomain, like developing_site.mysite.com.

I'd like to restrict access to this subdomain without authentication. Not only to dev and config files, but also to production.

So I added the auth_basic component to the nginx config file, in the location / section of the nginx config that is recommended by the official Symfony web site. As a result, before the page loads the server asks for authentication and loads everything except for any files stored in the /web directory, like images, js, css and so on. As a result, all the content processed by .php is there, but without any style or dynamic functionality.

So how can I resolve this issue? What am I doing wrong?

Nginx config looks like this:

server {

listen {MyServerIp};
server_name developing_site.mysite.com;

root /var/www/developing_site/web;
index index.php index.html index.htm;

location / {
    try_files $uri /app.php$is_args$args;
    auth_basic "Restricted Content";
    auth_basic_user_file var/www/developing_site/.lock/.htpasswd;
}

# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    # When you are using symlinks to link the document root to the
    # current version of your application, you should pass the real
    # application path instead of the path to the symlink to PHP
    # FPM.
    # Otherwise, PHP's OPcache may not properly detect changes to
    # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
    # for more information).
    fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    # When you are using symlinks to link the document root to the
    # current version of your application, you should pass the real
    # application path instead of the path to the symlink to PHP
    # FPM.
    # Otherwise, PHP's OPcache may not properly detect changes to
    # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
    # for more information).
    fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
    # Prevents URIs that include the front controller. This will 404:
    # http://domain.tld/app.php/some-path
    # Remove the internal directive to allow URIs like this
    internal;
}

error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
1
  • You are mixing DEV and PROD environments; you can't logically have 2 environments in the same folder. Try to remove the whole #DEV configuration block and reload nginx. Commented Apr 20, 2016 at 14:05

1 Answer

0

I resolved the issue myself.

Two mistakes:

  1. syntactic mistake
  2. incorrect place of the auth_basic block

The syntactic mistake is in var/www/developing_site/.lock/.htpasswd;. I used a relative link instead of an absolute one. The correct form is /var/www/developing_site/.lock/.htpasswd; (sorry for that...)

When I placed the auth_basic block in location /, I set authentication only for the / location, which in fact processes all /web requests... (/web requests weren't processed because of the 1st mistake...)

The main Symfony requests are processed by the location ~ ^/(app_dev|config)\.php(/|$) block in the nginx config file.

Solution: To restrict any requests to any files of developing_site.mysite.com without authentication, the auth_basic block should be placed before any location blocks.

So the correct nginx config should look like this:

server {

listen MyServerIp;
server_name developing_site.mysite.com;

auth_basic "Unauthorized";
auth_basic_user_file /var/www/.lock/.htpasswd;

root /var/www/developing_site/web;
index index.php index.html index.htm;

location / {
    try_files $uri /app.php$is_args$args;
}

# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    # When you are using symlinks to link the document root to the
    # current version of your application, you should pass the real
    # application path instead of the path to the symlink to PHP
    # FPM.
    # Otherwise, PHP's OPcache may not properly detect changes to
    # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
    # for more information).
    fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    # When you are using symlinks to link the document root to the
    # current version of your application, you should pass the real
    # application path instead of the path to the symlink to PHP
    # FPM.
    # Otherwise, PHP's OPcache may not properly detect changes to
    # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
    # for more information).
    fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
    # Prevents URIs that include the front controller. This will 404:
    # http://domain.tld/app.php/some-path
    # Remove the internal directive to allow URIs like this
    internal;
}

error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
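
How auth_basic inheritance plays out in the configs above, as an added example that is not part of the original post: a small Python audit that reports which location blocks end up with no auth_basic in effect and flags a non-absolute auth_basic_user_file. The function name audit and the trimmed sample config are assumptions of this example.

```python
# Constructed sample: the question's layout, trimmed to the relevant directives.
QUESTION_CONF = r"""
server {
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file var/www/developing_site/.lock/.htpasswd;
    }
    location ~ ^/(app_dev|config)\.php(/|$) {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
    location ~ ^/app\.php(/|$) {
        internal;
    }
}
"""

def audit(conf):
    """Assumes one directive per line and no blocks nested inside a location."""
    server_realm, explicit, order, internal, findings, loc = None, {}, [], set(), [], None
    for raw in conf.splitlines():
        line = raw.strip()  # comment lines start with "#" and match no branch below
        if line.startswith("location ") and line.endswith("{"):
            loc = line[len("location"):-1].strip()
            order.append(loc)
        elif line == "}":
            loc = None  # closes a location, or the server block itself
        elif line == "internal;" and loc is not None:
            internal.add(loc)
        elif line.startswith("auth_basic_user_file "):
            path = line.split(None, 1)[1].rstrip(";").strip()
            if not path.startswith("/"):
                findings.append("relative auth_basic_user_file: " + path)
        elif line.startswith("auth_basic "):
            realm = line.split(None, 1)[1].rstrip(";").strip().strip('"')
            realm = None if realm == "off" else realm
            if loc is None:
                server_realm = realm
            else:
                explicit[loc] = realm
    # nginx inheritance: a location takes the server-level value unless it sets its own.
    effective = {l: explicit.get(l, server_realm) for l in order}
    for l, r in effective.items():
        if r is None:
            note = " (internal only)" if l in internal else ""
            findings.append("no auth_basic in effect: location " + l + note)
    return effective, findings

if __name__ == "__main__":
    print("\n".join(audit(QUESTION_CONF)[1]))
```

Run on the answer's config, where both directives sit at server level with an absolute path, it returns no findings.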