Directives
Syntax: | auth_basic |
---|---|
Default: | auth_basic off; |
Context: | http, server, location, limit_except |
Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm. Parameter value can contain variables (1.3.10, 1.2.7). The special value off allows cancelling the effect of the auth_basic directive inherited from the previous configuration level.
Syntax: | auth_basic_user_file |
---|---|
Default: | — |
Context: | http, server, location, limit_except |
Specifies a file that keeps user names and passwords, in the following format:

    # comment
    name1:password1
    name2:password2:comment
    name3:password3

The file name can contain variables.
The following password types are supported:
- encrypted with the crypt() function; can be generated using the “htpasswd” utility from the Apache HTTP Server distribution or the “openssl passwd” command;
  To check which package provides htpasswd: rpm -qf /usr/bin/htpasswd
  To install it with yum: yum install httpd-tools
  To create the user name and password file, e.g.: htpasswd -c ./path/filename keyname (press Enter, then type the password when prompted)
- hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;
- specified by the “{scheme}data” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes include PLAIN (an example one, should not be used), SHA (1.3.13) (plain SHA-1 hashing, should not be used) and SSHA (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).

Support for SHA scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to rainbow table attacks.
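
An added example, not part of the nginx documentation or the original notes: a short Python audit that parses a user file in the format above and flags entries stored with the two schemes the text says should not be used (PLAIN and SHA), along with empty or malformed entries. The sample file contents and the names classify, audit and DISCOURAGED are constructed for illustration.

```python
import re

# Constructed sample in the name:password[:comment] format described above.
# None of these values come from a real system.
SAMPLE = """\
# comment
alice:$apr1$constrct$0000000000000000000000
bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:{SSHA}Y29uc3RydWN0ZWRfc2FtcGxlX3ZhbHVl:migrated from LDAP
dave:{PLAIN}hunter2
erin:rqXexS6ZhobKA
line-without-a-colon
frank:
"""

# The two schemes the documentation above says should not be used.
DISCOURAGED = {"PLAIN", "SHA"}


def classify(password):
    """Return the storage scheme of one password field."""
    if not password:
        return "EMPTY"
    m = re.match(r"\{([^}]+)\}", password)
    if m:                        # RFC 2307 "{scheme}data"
        return m.group(1)
    if password.startswith("$apr1$"):
        return "apr1"
    return "crypt"               # left to the system crypt() function


def audit(text):
    """Yield (line number, user, scheme, flagged) for each entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep or not name:
            yield lineno, None, "MALFORMED", True
            continue
        scheme = classify(rest.split(":", 1)[0])
        flagged = scheme in DISCOURAGED or scheme == "EMPTY"
        yield lineno, name, scheme, flagged


if __name__ == "__main__":
    for lineno, name, scheme, flagged in audit(SAMPLE):
        print(f"line {lineno}: {name!r:10} {scheme:10} {'REVIEW' if flagged else 'ok'}")
```

Flagged entries are candidates for regeneration with htpasswd or openssl passwd, as described in the list above.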
nginx -t -c
nginx -s reload
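Limitations:
The password file has to be set up in advance, and managing it is cumbersome and inefficient.
Solutions:
1. Implement authentication with a Lua script.
2. Integrate nginx with LDAP, using nginx_auth_ldap.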