nginx – Clean Way to Combine Location Rules

nginx

Suppose that in my nginx server I want to accomplish these two requirements:

1) all *.php files are to be passed to the php interpreter

2) directory /private/ should require http authentication

If I write

location /private/  {
  auth_basic            "Restricted";
  ....
}

location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
     .... more settings
}

then (if I'm not mistaken) the authentication will only apply to non php files. If instead I add the ^~ flag to the location block, then I loose the php location. This is logical, because nginx only matches one location block.

It seems that the only option left is to use a nested location:

location /private/  {
  auth_basic            "Restricted";
  ....
    location ~ \.php$ {
       fastcgi_pass   127.0.0.1:9000;
         .... more settings
    }
}

location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
     .... more settings
}

This looks rather clumsy and fragile to me: each time I add a protected dir location (or some dir with some special setting), I must remember to add nested locations for PHP (and perhaps other file types). But it seems to be the only way to go. Is this so? Can anyone suggest a better solution?

Best Answer

Unfortunately, no. There is no cleaner way, as explained here, here and in the documentation

But, you should probably use a separate file for your php configuration, that way, all you have to do is this: 

location /private/  {
    auth_basic            "Restricted";
    ....
    location ~ \.php$ {
        include phpconf.conf;
    }
}

location ~ \.php$ {
   include phpconf.conf;
}
Related Topic