Nginx basicAuth silently does not work when using return

user439667568 · May 4, 2025, 2:14am

It seems nginx does silently not use basicAuth when using return:

{ pkgs, ... }: {
  services.nginx.enable = true;

  services.nginx.virtualHosts.localhost =
    let
      version1 = {
        root = pkgs.writeTextDir "index.html" "hello";
        locations."/" = {
          tryFiles = "/index.html =404";
        };
      };

      version2 = {
        locations."/" = {
          return = ''200 "hello"'';
          extraConfig = ''default_type text/html;'';
        };
      };
    in
    # version1 uses basicAuth, version2 does not, somehow:
    version1 // {
      basicAuth.user = "password";
    };
}

Does somebody know if there is something wrongly defined when using version2?

TLATER · May 4, 2025, 4:55am

~~Can you explain what you’re expecting to happen here?~~

~~At a glance, you’re simply defining some unused variables, and then set an option that does not exist and should throw an error. I’m not sure if that’s just supposed to be pseudocode…?~~

Ahem, I think I finally grokked it.

AIUI forcibly returning a 200 code means that nginx doesn’t send the 401 that would prompt auth. This is very much an nginx config question, not a NixOS one, though.

Edit the second: handling of the module that contains return happens before the one that contains basic_auth, so it looks to be impossible to mix them: Development guide

user439667568 · May 4, 2025, 8:17pm

Thanks for investigating this. I will delve more into nginx details, thanks for clearing this up!