1. 程式人生 > >Nginx的訪問控制_auth_basic_module配置

Nginx的訪問控制_auth_basic_module配置

Nginx的訪問控制_auth_basic_module配置

1、http_auth_basic_module詳解

(1)http_auth_basic_module作用

        --with_http_auth_basic_module:使用者登入訪問控制。

        官網解釋:

        The ngx_http_auth_basic_module module allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol.

        Access can also be limited by address, by the result of subrequest, or by JWT. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.

 

(2)舉例

location / {
    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}

2、auth_basic語法

(1)auth_basic語法

Syntax:

auth_basic string | off;

Default:

auth_basic off;

Context:

http, server, location, limit_except

 

語法解釋:

auth_basic string | off;

stirng 表示使用“HTTP基本身份驗證”協議啟用使用者名稱和密碼驗證。

off 表示關閉登入校驗

Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm. Parameter value can contain variables (1.3.10, 1.2.7). The special value off allows cancelling the effect of the auth_basic directive inherited from the previous configuration level.

 

(2)auth_basic_user_file語法

Syntax:

auth_basic_user_file file;

Default:

Context:

http, server, location, limit_except

 

語法解釋:

auth_basic_user_file file;表示使用者登入的祕鑰檔案

Specifies a file that keeps user names and passwords, in the following format:

# comment
name1:password1
name2:password2:comment
name3:password3

The file name can contain variables.

The following password types are supported:

  • encrypted with the crypt() function; can be generated using the “htpasswd” utility from the Apache HTTP Server distribution or the “openssl passwd” command;
  • hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;
  • specified by the “{scheme}data” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes include PLAIN (an example one, should not be used), SHA (1.3.13) (plain SHA-1 hashing, should not be used) and SSHA (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).

Support for SHA scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to rainbow table attacks.

 

3、auth_basic配置

(1)server1.conf配置

        

        auth_basic “test HTTP Basic Authentication” 表示解釋說明的字串

(2)htpasswd加密工具下載安裝

       通過yum源方式安裝httpd-tools工具

       yum -y install httpd-tools

        

(3)建立一個加密檔案

        通過htpasswd命令建立加密檔案

        

        檢視加密檔案是否建立成功

        

        vim htpasswd_conf加密檔案內容

        

4、驗證auth_basic配置是否生效