When using e.g. Laravel Forge you can create a section of the website that’s restricted and uses HTTP Basic Access Authentication for access control. When the credentials aren’t entered correctly, the server returns a 401 error.
However, when you would like to restrict a section that’s part of an application, whatever rules you defined in your /etc/nginx/sites-available/domain.tld.conf you have to now add to the new location section.
Example
On a staging server, you want to restrict access to /register and /login. Head to servers/X/sites/Y/security URL by clicking on the server, then select a site and click on „Security“. These entries create 2 files in /etc/nginx/forge-conf/domain.tld/server where ID is the ID you can see in Forge..
- .htpasswd-ID
- protected_site-ID.conf
However, when you now navigate to e.g. /login and enter your credentials, you will see a 404 for /login in the debug console. A request has been made and returned the content – just with the wrong status code. This is happening because there is no file called „login“ in the webserver public folder and nginx hasn’t been instructed to use PHP for this particular location.
tl;dr: You need to add this line to the location entry in the .conf files:
try_files $uri $uri/ /index.php?$query_string;
The whole file now looks like this:
location /register {
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/domain.tld/server/.htpasswd-42;
try_files $uri $uri/ /index.php?$query_string;
}