- 基于主机(ip)
- 基于用户(username&password)
1.基于主机(ip)
1.1模块
ngx_http_access_module
1.2语法
Directives:
allow 允许某些主机
deny 拒绝某些主机Syntax:
Syntax: allow address | CIDR | unix: | all;
Context: http, server, location, limit_except
1.3启用控制
(一)限制主机访问:vim /etc/nginx/conf.d/default.conf
server {
allow 192.168.26.144;
allow 192.168.26.150;
deny all;
}
(二)测试:服务器无法访问
2023/02/02 20:44:43 [error] 2080#2080: *1 access forbidden by rule, client: 192.168.26.1, server: localhost, request: "GET / HTTP/1.1", host: "192.168.26.144"
2.基于用户(username&password)
2.1模块
ngx_http_auth_basic_module
2.2语法
Syntax:
方法一:
Syntax: auth_basic string | off;
Context: http, server, location, limit_except
方法二:
Syntax: auth_basic_user_file file;
Context: http, server, location, limit_except
2.3启用控制
(一)建立认证文件
yum install -y httpd-tools 生成秘钥的工具是由apache提供
htpasswd -cm /etc/nginx/conf.d/passwd user10 会话密码 创造新的加密文件"-c"
htpasswd -m /etc/nginx/conf.d/passwd user20 会话密码
cat /etc/nginx/conf.d/passwd:观察口令文件是否生成。已生成
(二)启动认证:vim /etc/nginx/conf.d/default.conf
server { 找到server{字段,在下一行插入认证字段。
auth_basic "nginx access test!"; 提示消息
auth_basic_user_file /etc/nginx/conf.d/passwd; 引用认证文件...
}
(三)重启服务并验证