实战Nginx web用户认证

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了实战Nginx web用户认证相关的知识,希望对你有一定的参考价值。

#属于apache的一个组件,如果没有就使用yum安装

` yum install -y httpd  htpasswd` 

#第一需要-c创建,-m强制md5加密
# htpasswd -cm /usr/local/nginx/conf/htpasswd aiker 

New password:
Re-type new password:

第二次,增加用户就不用-c,如果使用了-c就会重置文件,只有一条记录

# htpasswd -m /usr/local/nginx/conf/htpasswd gavin  

New password:
Re-type new password:
Adding password for user gavin

vim /usr/local/nginx/conf/enable-php.conf

        location ~ [^/]\.php(/|$)
        {
            try_files $uri =404;
            fastcgi_pass  unix:/tmp/php-cgi-56.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }

**整个网站的认证,auth_basic在php解释之前

**

# vim /usr/local/nginx/conf/vhost/www.123.cn.conf 

server
{
    listen 80;
    server_name www.123.cn;
#注意下面的index.*的顺序,谁在前面,优先解析谁
    index index.php index.html index.htm;
    root /www/wwwroot/www.123.cn;

#下面为认证配置
#目录认证
location  /
    {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}
     include enable-php.conf;
}

#因为有 include enable-php.conf;所以上面就不用单独配置php-fpm

curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:06:50 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

# curl -I -xlocalhost:80 www.123.cn -ugavin
Enter host password for user ‘gavin‘:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:07:22 GMT
Content-Type: text/html
Content-Length: 3703
Last-Modified: Mon, 12 Mar 2018 14:53:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5aa69476-e77"
Accept-Ranges: bytes

#网站下的目录认证

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:29:40 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/index.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:12 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/tz.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:27 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin/ -uaiker
Enter host password for user ‘aiker‘:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
#针对指定的文件认证访问,一定注意include enable-php.conf;必须放在localtion条件后面,否则不生效,
cat /usr/local/nginx/conf/vhost/www.123.cn.conf    

server
{
    listen 80;
    server_name www.123.cn;
    index index.php index.html index.htm;
    root /www/wwwroot/www.123.cn;

location ~ (.*)admin.php$
     {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}
    include enable-php.conf;
}

[[email protected] default]# curl -I -xlocalhost:80 www.123.cn/admin.php       
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:59:50 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

如果php解释在前,那么认证就不能生效,如下实例:

# vim /usr/local/nginx/conf/vhost/www.123.cn.conf

server
{
    listen 80;
    server_name www.123.cn;
    index index.php index.html index.htm;
    root /www/wwwroot/www.123.cn;
    include enable-php.conf;

location ~ (.*)admin.php$
     {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}
}

# curl -I -xlocalhost:80 www.123.cn/admin.php    
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:55:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34

技术分享图片

以上是关于实战Nginx web用户认证的主要内容,如果未能解决你的问题,请参考以下文章

nginx实战五

nginx服务做用户认证和基于域名的虚拟主机

nginx之用户认证

nginx实战nginx实现虚拟主机及访问认证实战

spring security实战项目笔记

nginx 用户认证