nginx authbasic only protects folders but not individual files

I have this in my server config

location / {

            try_files $uri $uri/ =404;
            auth_basic  "protected site";
            auth_basic_user_file  /etc/nginx/.htpasswd;

When I call my domain or any subfolder, e.g. protection works fine

but when I call my domain incl. file-name, e.g. I don’t need to enter any credentials and can just bypass authbasic.

What did I do wrong here?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Solved it.

auth_basic  "protected site";
auth_basic_user_file  /etc/nginx/.htpasswd;

has to be moved outside of location block and then it works for the whole site