In this case better put the auth stuff outside the location block, so it applies globally:
Code:
http {
access_log logs/http_access.log;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
auth_basic "Restricted Content";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
# rtmp statistics
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
allow 127.0.0.1;
}
<-SNIP->
location / {
index index.html index.htm index.php index.cgi;
}
<-SNIP->