I'm setting up a docker image with nginx-lua installed. The scenario is to have a basic authentication on staging, but not in production. My idea was to have an ENV variable with the name of the stage and check the value in the nginx.conf file.

The content of the docker-compose.yml file (for staging, and for production the STAGE env will be prod of course):

docs-router:
  build: ./nginx 
  environment:
    - API_BASE_URI=staging.example.com
    - DOCS_STATIC_URI=docs-staging.example.com
    - STAGE=staging
  ports:
    - "8089:8089"
    - "8090:8090"

The content of the nginx.conf file:

...

env API_BASE_URI;
env DOCS_STATIC_URI;
env STAGE;

...

http {
  server {
    listen 8089 default_server;
    charset utf-8;
    resolver 8.8.8.8;
    access_log off;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location ~ ^(/.*\.(?:apib|svg))?$ {
      set_by_lua_block $api_base_uri { return os.getenv("API_BASE_URI") }
      set_by_lua_block $stage { return os.getenv("STAGE") }
      set $unprotected "prod";

      if ($stage = $unprotected) {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
      }

      proxy_pass https://$api_base_uri$1;
      proxy_set_header Host $api_base_uri;
    }

    ...

  }

}

But it's not working. Any idea, how can I achieve this?