Hey all,
Hope this is the right place to ask. I have Piwik setup and running on a Nginx webserver that I protected with HTTP basic authentication, as seen below.
location /analytics {
alias /var/www/piwik/;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/pass;
try_files $uri $uri/ /index.php;
}
location ~ ^/analytics(.+\.php)$ {
alias /var/www/piwik$1;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
I have it protected, but it’s prompting to login on every page, due to the piwik.php and piwik.js files being in my protected directory, as described here.
If you use HTTP Authentication (Basic or Digest) on your Piwik files, you should exclude piwik.php and piwik.js from this authentication, or visitors on your website would be prompted with the authentication popup.
What kind of Nginx rule can I use to protect all files in that directory, besides those two? I found this for Apache using .htaccess, but it looks like Nginx has no equivalent. Is it possible to do a negative regex match on a location block?
Any help would be appreciated!