实战Nginx web用户认证
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了实战Nginx web用户认证相关的知识,希望对你有一定的参考价值。
#属于apache的一个组件,如果没有就使用yum安装
` yum install -y httpd htpasswd`
#第一需要-c创建,-m强制md5加密
# htpasswd -cm /usr/local/nginx/conf/htpasswd aiker
New password:
Re-type new password:
第二次,增加用户就不用-c,如果使用了-c就会重置文件,只有一条记录
# htpasswd -m /usr/local/nginx/conf/htpasswd gavin
New password:
Re-type new password:
Adding password for user gavin
vim /usr/local/nginx/conf/enable-php.conf
location ~ [^/]\.php(/|$)
{
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi-56.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
**整个网站的认证,auth_basic在php解释之前
**
# vim /usr/local/nginx/conf/vhost/www.123.cn.conf
server
{
listen 80;
server_name www.123.cn;
#注意下面的index.*的顺序,谁在前面,优先解析谁
index index.php index.html index.htm;
root /www/wwwroot/www.123.cn;
#下面为认证配置
#目录认证
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
include enable-php.conf;
}
#因为有 include enable-php.conf;所以上面就不用单独配置php-fpm
curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:06:50 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
# curl -I -xlocalhost:80 www.123.cn -ugavin
Enter host password for user ‘gavin‘:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:07:22 GMT
Content-Type: text/html
Content-Length: 3703
Last-Modified: Mon, 12 Mar 2018 14:53:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5aa69476-e77"
Accept-Ranges: bytes
#网站下的目录认证
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:29:40 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/index.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:12 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/tz.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:27 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/ -uaiker
Enter host password for user ‘aiker‘:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
#针对指定的文件认证访问,一定注意include enable-php.conf;必须放在localtion条件后面,否则不生效,
cat /usr/local/nginx/conf/vhost/www.123.cn.conf
server
{
listen 80;
server_name www.123.cn;
index index.php index.html index.htm;
root /www/wwwroot/www.123.cn;
location ~ (.*)admin.php$
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
include enable-php.conf;
}
[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:59:50 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
如果php解释在前,那么认证就不能生效,如下实例:
# vim /usr/local/nginx/conf/vhost/www.123.cn.conf
server
{
listen 80;
server_name www.123.cn;
index index.php index.html index.htm;
root /www/wwwroot/www.123.cn;
include enable-php.conf;
location ~ (.*)admin.php$
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
# curl -I -xlocalhost:80 www.123.cn/admin.php
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:55:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
以上是关于实战Nginx web用户认证的主要内容,如果未能解决你的问题,请参考以下文章