Nginx Http认证实现访问网站或目录密码认证保护 | 使用 HttpAuthBasicModule 模块-白红宇

Nginx Http认证实现访问网站或目录密码认证保护 | 使用 HttpAuthBasicModule 模块

阅读量：6948 次

发布时间：2019-06-27

本文共 5476 字，大约阅读时间需要 18 分钟。

<div style="font-family: Arial;"> <span style="font-family: Arial;">Nginx Http认证实现访问网站或目录密码认证保护 | </span><span style="font-family: Arial;">使用 </span><a style="font-family: Arial;" href="http://wiki.nginx.org/HttpAuthBasicModule">HttpAuthBasicModule</a><span style="font-family: Arial;"> 模块</span></div> <pre style="margin: 0px 4em 2em 2em; unicode-bidi: embed; border: 3px solid #ffffff; padding: 0.5em; background-color: #f9f9f9; color: #555555; font-size: 12px; line-height: 1.2em; vertical-align: top; width: 986.671875px; text-align: left;"><a style="margin: 0px; color: #dc0303; text-decoration: none;" href="http://wiki.nginx.org/NginxHttpCoreModule#location"><span style="margin: 0px; color: #000066;">location</span></a> / <span style="margin: 0px; color: #66cc66;">{</span> <a style="margin: 0px; color: #dc0303; text-decoration: none;" href="http://wiki.nginx.org/NginxHttpAuthBasicModule#auth_basic">auth_basic</a> <span style="margin: 0px; color: #ff0000;">"Restricted"</span><span style="margin: 0px; color: #66cc66;">;</span> <a style="margin: 0px; color: #dc0303; text-decoration: none;" href="http://wiki.nginx.org/NginxHttpAuthBasicModule#auth_basic_user_file">auth_basic_user_file</a> htpasswd<span style="margin: 0px; color: #66cc66;">; </span> <span style="color: #66cc66; font-family: Arial; white-space: normal;">}</span> </pre> <div style="font-family: Arial;">解释:</div> <div style="font-family: Arial;">auth_basic</div> <div style="font-family: Arial;">指令包含一个具有测试用户名和密码的HTTP基本认证，指定的参数将用于认证域。如果将值设置为“off”则忽略下级指令继承的动作。</div> <div style="font-family: Arial;">auth_basic_user_file</div> <div style="font-family: Arial;">指令为验证域指定了密码文件，0.6.7版本以后这里指定的文件是nginx.conf所在目录的相对路径，而不是–prefix指定的路径。</div> <div style="font-family: Arial;">“Restricted" 单词将会出现在第一次访问Nginx站点的弹出框内。</div> <div style="font-family: Arial;">htpasswd是一个文件，位于conf目录下。注意如果你设置的是 conf/htpasswd，这个htpasswd文件应该在conf/conf/目录下。</div> <div style="font-family: Arial;">或者避免麻烦，直接用绝对路径。</div> <div style="font-family: Arial;"> <hr /> </div> <div style="font-family: Arial;"><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: 12px; font-style: inherit; line-height: 19px;"><strong>如何生成密码文件（</strong></span><a href="http://wiki.nginx.org/Faq#How_do_I_generate_an_.htpasswd_file_without_having_Apache_tools_installed.3F">http://wiki.nginx.org/Faq#How_do_I_generate_an_.htpasswd_file_without_having_Apache_tools_installed.3F</a><strong style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: 12px; font-style: inherit; line-height: 19px;"> ）</strong></div> <div style="font-family: Arial;"><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: 12px; font-style: inherit; line-height: 19px;"><strong><br /></strong></span></div> <div style="font-family: Arial;"><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: x-small;"><span style="line-height: 19px;"> 1）使用apache htpasswd 生成：</span></span></div> <div style="font-family: Arial;"><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: x-small;"><span style="line-height: 19px;"> nginx 的 http auth basic 的密码是用 crypt(3) 加密的，而apache是md5加密。所以生成时:</span></span></div> <pre style="margin: 0px 4em 2em 2em; unicode-bidi: embed; border: 3px solid #ffffff; padding: 0.5em; background-color: #f9f9f9; color: #555555; font-size: 12px; line-height: 1.2em; vertical-align: top; width: 986.671875px; text-align: left;"><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: small; line-height: 19px;">/usr/local/apache2/bin/htpasswd -c -d pass_file user_name

</span>#回车输入密码，-c 表示生成文件，-d 是以 crypt 加密。 </pre>

<div style="font-family: Arial;">2）使用<a href="http://trac.edgewall.org/browser/trunk/contrib/htpasswd.py">htpasswd.py</a>来生成（Nginx 官方 Wiki 中推荐 <a href="http://trac.edgewall.org/browser/trunk/contrib/htpasswd.py">http://trac.edgewall.org/browser/trunk/contrib/htpasswd.py</a>）</div> <pre style="margin: 0px 4em 2em 2em; unicode-bidi: embed; border: 3px solid #ffffff; padding: 0.5em; background-color: #f9f9f9; color: #555555; font-size: 12px; line-height: 1.2em; vertical-align: top; width: 986.671875px; text-align: left;">chmod 777 htpasswd.py

./htpasswd.py -c -b htpasswd username password </pre>

<div style="font-family: Arial;"> <hr /> <span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: 12px; line-height: 19px;"><strong>使用反向代理是避免重复提示认证 </strong></span><strong>proxy_set_header Authorization "";</strong><span style="color: #1a1a1a; font-family: Arial, Geneva, Helvetica, sans-serif; font-size: 12px; line-height: 19px;"><br /></span> <pre style="font-size: 12px; text-align: left; background-color: #f8f8f8;">location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; proxy_pass <a style="color: #a00000;" rel="nofollow">http://xxx.xxx.xxx.xxx;</a> proxy_redirect off; <span style="color: #ff2600;">proxy_set_header Authorization ""; #避免代理weblogic重复提示认证问题 </span> proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; <span style="white-space: normal; font-family: Arial;">}</span> </pre> </div>

转载于:https://my.oschina.net/loveking/blog/150180

你可能感兴趣的文章

.NET的数学库NMath实用教程——创建复数的几种方法