Question

在运行Nginx的Arch Linux服务器上，我正确设置了cgit。我想使用基本身份验证密码保护cgit，但一个目录/pub/除外。如the documentation所示，我考虑将server上下文置于身份验证之上，并为location目录的/pub/上下文获取异常。我尝试this link来正确获取路径。

这里是相应部分的nginx的配置文件。

server {
    listen       80;
    server_name  git.nicosphere.net;
    index cgit.cgi;
    gzip off;

    auth_basic "Restricted";
    auth_basic_user_file /srv/gitosis/.htpasswd;

    location / {
        root /usr/share/webapps/cgit/;
    }

    location ^~ /pub/  {
        auth_basic off;
    }

    if (!-f $request_filename) {
       rewrite ^/([^?/]+/[^?]*)?(?:\?(.*))?$ /cgit.cgi?url=$1&$2 last;
    }

    location ~ \.cgi$ {
        gzip off;
        include fastcgi_params;
        fastcgi_pass    127.0.0.1:9001;
        fastcgi_index   cgit.cgi;
        fastcgi_param   SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
        fastcgi_param   DOCUMENT_ROOT /usr/share/webapps/cgit/;
    }
}

这要求我对任何网址进行身份验证。对于一些更简单的测试，我尝试在没有身份验证的情况下离开root，并且只有/pub/进行身份验证。在这种情况下，它根本不需要密码。到目前为止，我设法保护一切或什么都没有。

感谢您的帮助，并为我的近似英语道歉。

Answer 1

我想你想要这样的东西：

server {
    listen       80;
    server_name  git.nicosphere.net;
    index cgit.cgi;
    gzip off;

    root /usr/share/webapps/cgit;

    # $document_root is now set properly, and you don't need to override it
    include fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME $document_root/cgit.cgi;

    location / {
        try_files $uri @cgit;
    }

    # Require auth for requests sent to cgit that originated in location /    
    location @cgit {
        auth_basic "Restricted";
        auth_basic_user_file /srv/gitosis/.htpasswd;

        gzip off;
        # rewrites in nginx don't match the query string
        rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
        fastcgi_pass    127.0.0.1:9001;
    }

    location ^~ /pub/  {
        gzip off;
        rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
        fastcgi_pass    127.0.0.1:9001;
    }
}

使用cgit的Nginx和auth_basic

1 个答案: