Nginx – How to Disable Basic Auth in Laravel Forge

Tags: http-basic-authentication, nginx

On a Laravel Forge Nginx server I've enabled basic auth security at a root level for my site; this is working fine.

However I'm now trying to exclude a webhooks path from basic auth to allow the site to function properly with third parties.

No matter what I try, this does not seem to work; it works fine if the folder/file exists in the filesystem, but not for pretty URLs set up as routes in Laravel.

This is an extract of my nginx configuration file:

auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/forge-conf/mywebsite/server/.htpasswd;

location = /hooks/stripe {  
    auth_basic "off";
    allow all;
}

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

The above works fine if I change /hooks/stripe to a physical file such as my CSS or favicon. Additionally, inverting it works without issue, where I can lock just that route with a password.

I've tried using variations of the location block, some with = and some without. Additionally, I've tried auth_basic off; and removing allow all;. Finally, I've tried changing the location using different modifiers, making it less specific, and placing it before and after the / root location try_files.

Any help would be massively appreciated as I'm now completely stuck.

Best Answer

Thanks to @AlexD's suggestion in the comments, the below works; however, you have to move the Forge import, which may have unintended impacts.

If you try to access a URL that doesn't exist (/hooks/lost), you still get the basic auth request, which I'm unsure why, but for now this solves the immediate problem.

# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/mywebsite/server/*;

location / {
    try_files $uri $uri/ /index.php?$query_string;
    include forge-conf/mywebsite/server/*;
}

location /hooks {  
    auth_basic off;
}
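
An alternative that leaves the Forge include at server level, as an added example that is not part of the original answer or of Forge's generated config: nginx checks basic auth in the location that finally serves the request, and a Laravel route with no file on disk ends up in the PHP location after an internal redirect, so this sketch decides from `$request_uri` instead. The server name, root, and PHP-FPM socket are placeholder assumptions.

```nginx
# Added example; not the poster's or Forge's own configuration.
# http {} context: choose the realm from the ORIGINAL request URI.
# $request_uri is not changed by try_files / error_page internal redirects,
# so the decision survives the jump to /index.php.
map $request_uri $auth_realm {
    default                   "Restricted Area";
    ~^/hooks/stripe($|\?)     off;   # exact webhook path, with or without a query string
}

server {
    listen 80;
    server_name example.test;               # placeholder
    root /home/forge/example.test/public;   # placeholder
    index index.php;

    # auth_basic accepts variables; the special value "off" disables the check.
    auth_basic           $auth_realm;
    auth_basic_user_file /etc/nginx/forge-conf/mywebsite/server/.htpasswd;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Every Laravel route is finally handled here after the internal redirect.
    # Auth is evaluated in this location, so "auth_basic off" set only in a
    # separate "location = /hooks/stripe" block does not carry over to it.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket path
    }
}
```

`$request_uri` is the raw, client-supplied URI, so keep the pattern anchored at both ends; a loose prefix match would exempt more paths than the one webhook route.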