nginx:使用basic_auth限制对除特定页面之外的所有内容的访问

这是我在这里的原始nginx配置，运行良好：

server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$    /$1;     break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location  / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$    /server?_path_suffix=$1;     break;
proxy_pass         http://localhost:8081;
proxy_redirect     off;
}
}

我想将基本身份验证添加到所有内容中——除了一个页面。。。/mui/river

如果我在服务器块中包括基本的身份验证行，并将auth_basic off放在location /mui块中，则该配置可以正常工作(它需要/的身份验证，但不需要/mui的身份验证(：

server {
listen 8080; # http
auth_basic           "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;

# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$    /$1;     break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
location  / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$    /server?_path_suffix=$1;     break;
proxy_pass         http://localhost:8081;
proxy_redirect     off;
}
}

几乎完美。下一步是让它请求对/mui中除页面/mui/river之外的所有内容进行身份验证。

这就是我的问题所在…我尝试了以下操作，当我到达/mui/river时，它仍然需要身份验证。。。

server {
listen 8080; # http
auth_basic           "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;

location = /mui/river {
rewrite ^/mui/?(.*)$    /$1;     break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$    /$1;     break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location  / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$    /server?_path_suffix=$1;     break;
proxy_pass         http://localhost:8081;
proxy_redirect     off;
}
}

如何仅为/mui/river打开访问权限？

更新：这是我最近的一次尝试，仍然没有成功——仍然阻止了一切。注意，我还试图更改重写行：

server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location = /mui/river {
rewrite ^/mui/river?(.*)$    /river$1;     break;
auth_basic off;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$    /$1;     break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic           "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
}
location  / {
# The Java servlet is always assumed to be named 'server', so add that to the path.
#
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$    /server?_path_suffix=$1;     break;
proxy_pass         http://localhost:8081;
proxy_redirect     off;
auth_basic           "Restricted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}