NGINX - Allow any location and alias

Question

I'm looking to make Nginx allow any subfolder to redirect to a specific directory, but store the chosen subfolder in a header.

So for example I have this at the moment which works:

location ^~ /AhRnfKlM {
    alias /var/www/html/admin;
    index index.php index.html index.htm;

    location ~ \.php$ {
        limit_req zone=one burst=8;
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}

So if I go to http://website.com/AhRnfKlM/index.php it'll work no problem, but what I want is for me to be able to pick any subfolder such as http://website.com/test123/index.php and it will still alias correctly, but store test123 as a header such as X-AuthCode, which I can read in PHP, check against a mysql database of allowed authentication codes and decide what to do from there. This way I can have specific access codes for specific admins or allow one time access codes to exist without modifying NGINX with new aliases.

I've tried various things with regex such as:

location ~ ^(/[^/]+) {
    alias /var/www/html/admin;
    add_header X-AuthCode $1;
    index index.php index.html index.htm;

    location ~ \.php$ {
        limit_req zone=one burst=8;
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass php;
        include fastcgi_params;
        fastcgi_buffering on;
        fastcgi_buffers 96 32k;
        fastcgi_buffer_size 32k;
        fastcgi_max_temp_file_size 0;
        fastcgi_keep_conn on;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}

But can't get it to work! I just get 403 forbidden.

Entire server block (after Ivan's suggestion):

server {
        listen 80;
        location ~ ^/(?<authcode>[^/]+) {
            alias /var/www/html/admin;
            index index.php index.html index.htm;

            location ~ \.php$ {
                limit_req zone=one burst=8;
                try_files $uri =404;
                fastcgi_index index.php;
                fastcgi_pass php;
                include fastcgi_params;
                fastcgi_buffering on;
                fastcgi_buffers 96 32k;
                fastcgi_buffer_size 32k;
                fastcgi_max_temp_file_size 0;
                fastcgi_keep_conn on;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param SCRIPT_NAME $fastcgi_script_name;
                fastcgi_param AUTHCODE $authcode;
            }
        }
    }

Thank you :)

Answer 1

With add_header directive you are adding X-AuthCode header to the nginx response to the user browser after the response was received by nginx from your PHP backend. What you should do instead is to pass your URI prefix with a fastcgi_param directive to your PHP backend, e.g.

location ~ ^/(?<authcode>[^/]+) {
    ...
    location ~ \.php$ {
        ...
        fastcgi_param AUTHCODE $authcode;
        ...

and then check the $_SERVER['AUTHCODE'] content.

But this does not answer the question why do you receive 403 HTTP error. I think there are other locations in your config that can catch a request before this location did it. Can you test only this location without any others? If your first example works, this one should work too.