I'm currently developing a website in django (more precisely with satchmo) which is hosted on dotcloud for the development version.

To protect this site, i easily set a "basic authentication" by creating a nginx.conf (documented here and more specifically here) site with these lines :

   auth_basic "Dev version : restricted access";
   auth_basic_user_file /home/dotcloud/current/.htpasswd;

But later i encountered a problem with Paypal and it's "Instant payment notifications" system... because the site is protected and always returned a 401 http error to Paypal.

When i figured out this mess (not as quickly as i hoped...), i decided to remove the authentication for the "ipn" page in my site, while keeping it on the rest of the site.

So i laughed "ah ah easy to do !" and tried this :

   location / {
       auth_basic "Dev version : restricted access";
       auth_basic_user_file /home/dotcloud/current/.htpasswd;
   }
   
   location ^~ /shop/checkout/paypal {
       auth_basic off;
   }

But then, at the end of the "dotcloud push myapp.dev ." command, a little error message came to me

   Reloading nginx configuration: [emerg]: duplicate location "/" in /home/dotcloud/current/nginx.conf:1

So i checked the main nginx.conf file in my dotcloud serveur ("/etc/nginx/nginx.conf" and "/etc/nginx/sites-available/default", after a "dotcloud ssh myapp.dev") and, of course, i saw an existing "location /" block.

But... the dotcloud team gave us a chance to arrange this problem, by letting us having a uwsgi.conf in our project, which will be included into the existing "location /" block.

So, now i have two files :

nginx.conf :

   auth_basic_user_file /home/dotcloud/current/.htpasswd;
   
   location = /shop/checkout/paypal/ipn/ {
       auth_basic off;
   }

uwsgi.conf :

  auth_basic "Dev version : restricted access";

But this is not working. I now have a 404 http error on the "ipn" page. I don't know how nginx works but i think that it's because wsgi is not configured for this page. So, by duplicating the wsgi part of the "location /" block into mine, it seems ok (no need to touch uwsgi.conf, it's ok with only the auth_basic line):

nginx.conf:

   auth_basic_user_file /home/dotcloud/current/.htpasswd;
   
   location = /shop/checkout/paypal/ipn/ {
       auth_basic off;
       uwsgi_pass   unix:///var/dotcloud/uwsgi.sock;
       uwsgi_param SCRIPT_NAME /;
       uwsgi_param UWSGI_SCRIPT wsgi;
       include        uwsgi_params;
   }

And NOW, it works :)

I really found this to "hard" for a so simple thing... maybe i do not understand well how to do this. There is a way to avoid the duplicate configuration between the two location blocks ? If youi have the answer, and/or a better way to do this, comments are opened !

PS : Be reading the main nginx.conf i noticed that it's not just our own nginx.conf and uwsgi.conf which are included, but *nginx.conf and *uwsgi.conf.

PPS : thanks to django, satchmo and dotcloud teams. Great tools !