I only want basic authentication for the /misc/rss/ directory. The following docker run command (using labels) allows everything to be served correctly, but does not apply basic auth to the /misc/rss directory.
I thought that adding a second router (rss) with a higher priority that uses basic auth and matches the /misc/rss path would do the trick, but...it doesn't.
Adding the parenthesis didn't change the functioning of that rule. That also doesn't address why basic auth isn't working on /misc/rss (which is covered by a different rule). As I stated in the original post, the content is all served and both routers and rules show up correctly on the dashboard.
After some more poking around, I discovered that in the PathPrefix(/misc) rule I would have needed to add a negation for /misc/rss because /misc always matches even though there is a different rule with a higher priority to first match /misc/rss. And apparently using a regex negative look ahead or look behind would have been necessary...neither of which are supported by Golang's regex engine.
So, I ended up moving the /misc/rss directory to /rss. That works perfectly using a second router with basic auth attaching to the nginx-run service!