From 3d472f862c077cea50d41e17cc673e3e65f38090 Mon Sep 17 00:00:00 2001 From: Alex Garel Date: Mon, 26 Aug 2024 14:19:18 +0000 Subject: [PATCH] feat: remove basic auth for graphql for WP --- .../nginx/conf.d/contents.conf | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf b/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf index 1dce9ba4..27ec7e9c 100644 --- a/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf +++ b/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf @@ -1,4 +1,10 @@ +# decide wether to use basic auth +map $request_uri $contents_wp_auth { + default "Auth"; + # exclude graphql urls (index.php?graphql or /graphql) + "~*\bgraphql\b" off; +} server { server_name contents.openfoodfacts.org; @@ -8,7 +14,7 @@ server { # Require an "off" username and "off" password to make sure # the site is not indexed by search engines # and user don't land there by luck - auth_basic "Auth"; + auth_basic $contents_wp_auth; auth_basic_user_file /etc/nginx/off.htpasswd; location / { @@ -20,17 +26,6 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } - # remove auth for graphql API - location /graphql { - auth_basic off; - proxy_pass http://10.1.0.130:80; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/contents.openfoodfacts.org/fullchain.pem; # managed by Certbot