Nginx的访问控制_auth_basic_module配置
1、http_auth_basic_module详解
(1)http_auth_basic_module作用
--with_http_auth_basic_module:用户登入访问控制。
官网解释:
The ngx_http_auth_basic_module
module allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol.
Access can also be limited by address, by the result of subrequest, or by JWT. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.
(2)举例
location / {
auth_basic "closed site";
auth_basic_user_file conf/htpasswd;
}
2、auth_basic语法
(1)auth_basic语法
Syntax: | auth_basic string | off; |
Default: | auth_basic off; |
Context: | http, server, location, limit_except |
语法解释:
auth_basic string | off;
stirng 表示使用“HTTP基本身份验证”协议启用用户名和密码验证。
off 表示关闭登入校验
Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm
. Parameter value can contain variables (1.3.10, 1.2.7). The special value off
allows cancelling the effect of the auth_basic
directive inherited from the previous configuration level.
(2)auth_basic_user_file语法
Syntax: | auth_basic_user_file file; |
Default: | — |
Context: | http, server, location, limit_except |
语法解释:
auth_basic_user_file file;表示用户登入的秘钥文件
Specifies a file that keeps user names and passwords, in the following format:
# comment
name1:password1
name2:password2:comment
name3:password3
The file
name can contain variables.
The following password types are supported:
- encrypted with the
crypt()
function; can be generated using the “htpasswd
” utility from the Apache HTTP Server distribution or the “openssl passwd
” command; - hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;
- specified by the “
{scheme}data
” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes includePLAIN
(an example one, should not be used),SHA
(1.3.13) (plain SHA-1 hashing, should not be used) andSSHA
(salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).
Support for SHA
scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to rainbow table attacks.
3、auth_basic配置
(1)server1.conf配置
auth_basic “test HTTP Basic Authentication” 表示解释说明的字符串
(2)htpasswd加密工具下载安装
通过yum源方式安装httpd-tools工具
yum -y install httpd-tools
(3)创建一个加密文件
通过htpasswd命令创建加密文件
查看加密文件是否创建成功
vim htpasswd_conf加密文件内容
4、验证auth_basic配置是否生效