實戰Nginx web用戶認證
阿新 • • 發佈:2018-03-13
nginx nginx認證 web #屬於apache的一個組件,如果沒有就使用yum安裝
` yum install -y httpd htpasswd`
#第一需要-c創建,-m強制md5加密
# htpasswd -cm /usr/local/nginx/conf/htpasswd aiker
New password:
Re-type new password:
第二次,增加用戶就不用-c,如果使用了-c就會重置文件,只有一條記錄
# htpasswd -m /usr/local/nginx/conf/htpasswd gavin
New password:
Re-type new password:
Adding password for user gavin
vim /usr/local/nginx/conf/enable-php.conf
location ~ [^/]\.php(/|$)
{
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi-56.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
**整個網站的認證,auth_basic在php解釋之前
**
# vim /usr/local/nginx/conf/vhost/www.123.cn.conf server { listen 80; server_name www.123.cn; #註意下面的index.*的順序,誰在前面,優先解析誰 index index.php index.html index.htm; root /www/wwwroot/www.123.cn; #下面為認證配置 #目錄認證 location / { auth_basic "Auth"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; } include enable-php.conf; }
#因為有 include enable-php.conf;所以上面就不用單獨配置php-fpm
curl -I -xlocalhost:80 www.123.cn HTTP/1.1 401 Unauthorized Server: nginx Date: Mon, 12 Mar 2018 15:06:50 GMT Content-Type: text/html Content-Length: 188 Connection: keep-alive WWW-Authenticate: Basic realm="Auth" # curl -I -xlocalhost:80 www.123.cn -ugavin Enter host password for user ‘gavin‘: HTTP/1.1 200 OK Server: nginx Date: Mon, 12 Mar 2018 15:07:22 GMT Content-Type: text/html Content-Length: 3703 Last-Modified: Mon, 12 Mar 2018 14:53:42 GMT Connection: keep-alive Vary: Accept-Encoding ETag: "5aa69476-e77" Accept-Ranges: bytes
#網站下的目錄認證
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:29:40 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/index.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:12 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/tz.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 16:09:27 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/ -uaiker
Enter host password for user ‘aiker‘:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:29:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
#針對指定的文件認證訪問,一定註意include enable-php.conf;必須放在localtion條件後面,否則不生效,
cat /usr/local/nginx/conf/vhost/www.123.cn.conf
server
{
listen 80;
server_name www.123.cn;
index index.php index.html index.htm;
root /www/wwwroot/www.123.cn;
location ~ (.*)admin.php$
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
include enable-php.conf;
}
[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin.php
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 12 Mar 2018 15:59:50 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
如果php解釋在前,那麽認證就不能生效,如下實例:
# vim /usr/local/nginx/conf/vhost/www.123.cn.conf
server
{
listen 80;
server_name www.123.cn;
index index.php index.html index.htm;
root /www/wwwroot/www.123.cn;
include enable-php.conf;
location ~ (.*)admin.php$
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
# curl -I -xlocalhost:80 www.123.cn/admin.php
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Mar 2018 15:55:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.34
實戰Nginx web用戶認證