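nginx root directory: /home/undoner/nginx-www
nginx access URL: http://127.0.0.1
This article implements access control for files under the nginx root directory.
(1) The password file nginx expects has the format "username:password", but the password must not be plaintext; it has to be hashed with crypt, so a tool is needed to generate the password string.
There are three ways to do this:
Method 1.
Generate the hashed string directly online: http://tool.oschina.net/htpasswd
Method 2.
Python script "htpasswd.py", which can also be downloaded.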
#!/usr/bin/python
"""Replacement for htpasswd"""
# Original author: Eli Carter
import os
import sys
import random
from optparse import OptionParser
# We need a crypt module, but Windows doesn't have one by default. Try to find
# one, and tell the user if we can't.
# (The standard-library crypt module was also removed in Python 3.13.)
try:
    import crypt
except ImportError:
    try:
        import fcrypt as crypt
    except ImportError:
        sys.stderr.write("Cannot find a crypt module. "
                         "Possibly http://carey.geek.nz/code/python-fcrypt/\n")
        sys.exit(1)


def salt():
    """Returns a string of 2 random letters"""
    letters = 'abcdefghijklmnopqrstuvwxyz' \
              'ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
              '0123456789/.'
    return random.choice(letters) + random.choice(letters)


class HtpasswdFile:
    """A class for manipulating htpasswd files."""

    def __init__(self, filename, create=False):
        self.entries = []
        self.filename = filename
        if not create:
            if os.path.exists(self.filename):
                self.load()
            else:
                raise Exception("%s does not exist" % self.filename)

    def load(self):
        """Read the htpasswd file into memory."""
        with open(self.filename, 'r') as f:
            lines = f.readlines()
        self.entries = []
        for line in lines:
            if not line.strip():
                continue  # skip blank lines
            # Split on the first ':' only, so anything after the hash is kept
            username, pwhash = line.split(':', 1)
            entry = [username, pwhash.rstrip()]
            self.entries.append(entry)

    def save(self):
        """Write the htpasswd file to disk"""
        with open(self.filename, 'w') as f:
            f.writelines(["%s:%s\n" % (entry[0], entry[1])
                          for entry in self.entries])

    def update(self, username, password):
        """Replace the entry for the given user, or add it if new."""
        pwhash = crypt.crypt(password, salt())
        matching_entries = [entry for entry in self.entries
                            if entry[0] == username]
        if matching_entries:
            matching_entries[0][1] = pwhash
        else:
            self.entries.append([username, pwhash])

    def delete(self, username):
        """Remove the entry for the given user."""
        self.entries = [entry for entry in self.entries
                        if entry[0] != username]


def main():
    """%prog [-c] -b filename username password
    Create or update an htpasswd file"""
    # For now, we only care about the use cases that affect tests/functional.py
    parser = OptionParser(usage=main.__doc__)
    parser.add_option('-b', action='store_true', dest='batch', default=False,
        help='Batch mode; password is passed on the command line IN THE CLEAR.'
        )
    parser.add_option('-c', action='store_true', dest='create', default=False,
        help='Create a new htpasswd file, overwriting any existing file.')
    parser.add_option('-D', action='store_true', dest='delete_user',
        default=False, help='Remove the given user from the password file.')
    options, args = parser.parse_args()

    def syntax_error(msg):
        """Utility function for displaying fatal error messages with usage
        help.
        """
        sys.stderr.write("Syntax error: " + msg)
        sys.stderr.write(parser.get_usage())
        sys.exit(1)

    if not options.batch:
        syntax_error("Only batch mode is supported\n")
    # Non-option arguments
    if len(args) < 2:
        syntax_error("Insufficient number of arguments.\n")
    filename, username = args[:2]
    if options.delete_user:
        if len(args) != 2:
            syntax_error("Incorrect number of arguments.\n")
        password = None
    else:
        if len(args) != 3:
            syntax_error("Incorrect number of arguments.\n")
        password = args[2]
    passwdfile = HtpasswdFile(filename, create=options.create)
    if options.delete_user:
        passwdfile.delete(username)
    else:
        passwdfile.update(username, password)
    passwdfile.save()


if __name__ == '__main__':
    main()
Method 3.
Perl script "htpasswd2.pl", with the following contents:
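#!/usr/bin/perl
use strict;
use warnings;
my $pw = $ARGV[0];
# Use a random two-character salt; salting with the password itself would expose its first two characters in the hash.
my @chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
my $salt = $chars[rand @chars] . $chars[rand @chars];
print crypt($pw, $salt) . "\n";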
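(2) With the first method, just create a new text file and paste the string in. With the second or third method, after downloading or creating the script, remember to add execute permission, then run the script to generate the username and password.
Method 1:
Copy the result from the web page ("2eN4uuMHGaLQQ" is the hashed form of "test1") directly into the htpasswd file.
htpasswd contents: test1:2eN4uuMHGaLQQ
Method 2:
chmod 755 htpasswd.py
./htpasswd.py -c -b htpasswd username password
For example: ./htpasswd.py -c -b htpasswd undoner undoner produces the file htpasswd with the following contents ("dFYOP1Zvmqyfo" is the hashed form of "undoner"):
htpasswd contents: undoner:dFYOP1Zvmqyfo
Method 3:
chmod 755 htpasswd2.pl
./htpasswd2.pl password
For example: ./htpasswd2.pl test gives the password string: N1tQbOFcM5fpg
Copy "N1tQbOFcM5fpg" into the /etc/nginx/htpasswd file. The username is stored in plaintext, so it can be anything. The format is:
htpasswd contents: test:N1tQbOFcM5fpg
(3) Finally, copy the htpasswd password file into the nginx configuration directory (it can go elsewhere too; remember to change the path and the permissions), then add the configuration to nginx.
chmod 644 htpasswd   # nginx only needs to read this file
Add the following two lines to sites-available/default: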
auth_basic "Password";
auth_basic_user_file /etc/nginx/htpasswd;
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    auth_basic "Password";
    auth_basic_user_file /etc/nginx/htpasswd;
    charset utf-8;
    root /home/undoner/nginx-www;
    index index.html index.htm;
    autoindex on;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
}
(4) Restart nginx
sudo /etc/init.d/nginx restart
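The following is an added example, not part of the original article: a Python check that audits an htpasswd file like the one built above, reporting a world-writable file mode and entries stored in schemes that give little protection, such as the 13-character DES crypt strings produced by the three methods. The function names and the sample file are constructed for illustration; the prefixes listed are the other password forms nginx accepts in this file.

```python
import os
import re
import stat
import tempfile

# (prefix, scheme name, flagged as weak) for the "{scheme}data" and "$id$" forms
PREFIXES = [('{PLAIN}', 'plaintext', True), ('{SHA}', 'unsalted SHA-1', True),
            ('{SSHA}', 'salted SHA-1', False), ('$apr1$', 'apr1 MD5', False),
            ('$', 'modular crypt', False)]
# 13 characters of the crypt alphabet: traditional DES crypt, as in the page's examples
DES_CRYPT = re.compile(r'[./0-9A-Za-z]{13}')

def classify(pwhash):
    """Return (scheme, weak) for the password field of one htpasswd entry."""
    for prefix, scheme, weak in PREFIXES:
        if pwhash.startswith(prefix):
            return scheme, weak
    if DES_CRYPT.fullmatch(pwhash):
        # DES crypt uses only the first 8 password characters and a 12-bit salt
        return 'DES crypt', True
    return 'unrecognised', True

def audit(path):
    """Return findings for an htpasswd file: loose permissions and weak schemes."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH:
        findings.append('mode %o: world-writable' % mode)
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith('#'):   # blank or comment line
                continue
            user, _, rest = line.partition(':')    # no ':' leaves rest empty
            scheme, weak = classify(rest.split(':')[0])  # a third field is a comment
            if weak:
                findings.append('line %d: %s uses %s' % (lineno, user, scheme))
    return findings

def demo():
    """Audit a constructed file: the page's test1 entry, stored with mode 777."""
    with tempfile.NamedTemporaryFile('w', suffix='.htpasswd') as fh:
        fh.write('# constructed sample\ntest1:2eN4uuMHGaLQQ\n')
        fh.flush()
        os.chmod(fh.name, 0o777)
        return audit(fh.name)

if __name__ == '__main__':
    print('\n'.join(demo()))
```

To check a real file, call audit('/etc/nginx/htpasswd') as a user that can read it.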