Loading different things for unauthenticated users

I’m having trouble making this work. All html files under /closed should only be for authenticated users and all html files under /open should be for authenticated or unauthenticated users.

If the user is authenticated and they visit /paths/content it should try loading /closed/paths/content.html first and if it doesn’t exist it should try /open/paths/content.html and if both don’t exist it should be a 404.

Similar thing if the user isn’t authenticated. If /open/paths/content.html exists it should load that. If /closed/paths/content.html and /open/paths/content.html don’t exist it should be 404.

The hard part is if the user isn’t authenticated and /closed/paths/content.html exists but /open/paths/content.html doesn’t, then it should be a 500 error because it means previous validation logic failed.

This is what I tried but it isn’t working. Can you show me the right way to do it?

location /paths {
  auth_request /auths;
  auth_request_set $authenticated $upstream_status;
  try_files /closed/$uri.html /open/$uri.html;
  error_page 401 = @open;
}

location @open {
  try_files /open/$uri.html;
}
1 Like

It’s not very clear which parts are working and which are not. I’m also confused by the use of $uri.html because that will append ‘.html’ to requests that presumably already have it?

Regardless, I believe a simpler approach will be to use root instead of try_files:

location /paths {
  auth_request @auths; # suggest using a named location here (more private)
  auth_request_set …;
  root /closed;
  error_page 401 403 404 = @open; #for all auth and file access failures
}

location @open {
  root /open;
}
2 Likes
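The decision table from the question, including the 500 case, written out as one nginx configuration. This is an added example, not code from either poster; the `root` path, the listen port, the auth service address, and the `@anon` / `@anon_missing` location names are assumptions.

```nginx
# Added example. Assumed layout: /srv/site/closed/... and /srv/site/open/...
server {
    listen 8080;                    # assumed port
    root /srv/site;                 # assumed document root

    location /paths {
        auth_request /auths;        # 2xx = authenticated, 401/403 = not, anything else = 500
        error_page 401 403 = @anon; # unauthenticated requests are re-evaluated in @anon
        # Authenticated: closed copy first, then open copy, else 404.
        try_files /closed$uri.html /open$uri.html =404;
    }

    location @anon {
        # Unauthenticated: only the open copy may be served.
        try_files /open$uri.html @anon_missing;
    }

    location @anon_missing {
        # The open copy is absent. If a closed copy exists, earlier validation
        # failed, so answer 500 instead of 404.
        if (-f $document_root/closed$uri.html) {
            return 500;
        }
        return 404;
    }

    location = /auths {
        internal;                                # reachable only as a subrequest
        proxy_pass http://127.0.0.1:9000/check;  # placeholder auth service
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # The closed tree shares the document root, so block fetching it by URL;
    # try_files in /paths still reads the files because it does not re-match locations.
    location /closed/ {
        internal;
    }
}
```

Because `auth_request` treats any subrequest status other than 2xx, 401 or 403 as an error, an unreachable auth service produces a 500 and never falls through to the closed files.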
