0°

Nginx 之 ngx_http_auth_basic_module 身份验证模块

Nginx使用 ngx_http_auth_basic_module 模块使用“ HTTP基本身份验证”协议验证用户名和密码来限制对资源的访问

ngx_http_auth_basic_module模块官方文档: http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html

参数介绍

#auth_basic语法
Syntax: auth_basic string | off;
Default:    auth_basic off;
Context:    http, server, location, limit_except

#auth_basic_user_file语法
Syntax: auth_basic_user_file file;
Default:    —
Context:    http, server, location, limit_except

#案例:
location / {
    auth_basic           "closed site";             #认证命名(自定义)
    auth_basic_user_file conf/htpasswd;             #认证密码文件
}

Nginx服务器上的所有虚拟主机身份认证

将认证加到http中对所有server生效

安装httpd-tools工具
yum install httpd-tools.x86_64 -y

使用htpasswd命令来创建账户,首次创建用户需要加-bc参数
htpasswd -bc /usr/local/nginx/conf/htpasswd nginx_user1 3edc#EDC        #创建用户nginx_user1,密码"3edc#EDC"
Adding password for user nginx_user1

修改账户文件属性为Nginx进程所属用户,密码文件改为600是为了安全性
chown -Rf nginx.nginx /usr/local/nginx/conf/htpasswd
chmod 600 /usr/local/nginx/conf/htpasswd 

将以下配置加入nginx.conf主配置文件中的http配置段中以启用全站身份认证

vim /usr/local/nginx/conf/nginx.conf
auth_basic "User Authentication";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;

测试访问

Nginx服务器上的单个虚拟主机身份认证

将认证加到server中对当前server生效

安装httpd-tools工具
yum install httpd-tools.x86_64 -y

使用htpasswd命令来创建账户,首次创建用户需要加-bc参数
htpasswd -bc /usr/local/nginx/conf/htpasswd nginx_user1 3edc#EDC        #创建用户nginx_user1,密码"3edc#EDC"
Adding password for user nginx_user1

修改账户文件属性为Nginx进程所属用户,密码文件改为600是为了安全性
chown -Rf nginx.nginx /usr/local/nginx/conf/htpasswd
chmod 600 /usr/local/nginx/conf/htpasswd 

将以下配置加入虚拟主机配置文件中的server配置段中以启用当前虚拟主机身份认证

vim /usr/local/nginx/conf/conf.d/vhost.conf
server {
        listen  80;
        server_name k8sops.cn;
        return 301 https://$server_name$request_uri;
}

server {
        listen  443 ssl;
        server_name k8sops.cn;
        ssl_certificate /usr/local/nginx/ssl/server.crt;
        ssl_certificate_key /usr/local/nginx/ssl/server.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        access_log /usr/local/nginx/logs/access.log main;

        allow 192.168.31.0/24;
        deny all;

#加入以下配置
        auth_basic "User Authentication";       
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;

        location  / {
            root html;
            index index.html;
        }

        location /k8sops {
            alias html;
            index index.html;
        }

        location /ngx_status {
            stub_status on;
            allow 127.0.0.1;
            deny all;
        }
}

测试访问

Nginx服务器上的单个location身份认证

将认证加到location中对当前location生效

安装httpd-tools工具
yum install httpd-tools.x86_64 -y

使用htpasswd命令来创建账户,首次创建用户需要加-bc参数
htpasswd -bc /usr/local/nginx/conf/htpasswd nginx_user1 3edc#EDC        #创建用户nginx_user1,密码"3edc#EDC"
Adding password for user nginx_user1

修改账户文件属性为Nginx进程所属用户,密码文件改为600是为了安全性
chown -Rf nginx.nginx /usr/local/nginx/conf/htpasswd
chmod 600 /usr/local/nginx/conf/htpasswd 

将以下配置加入虚拟主机配置文件中的location配置段中以启用当前location身份认证

erver {
        listen  80;
        server_name k8sops.cn;
        return 301 https://$server_name$request_uri;
}

server {
        listen  443 ssl;
        server_name k8sops.cn;
        ssl_certificate /usr/local/nginx/ssl/server.crt;
        ssl_certificate_key /usr/local/nginx/ssl/server.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        access_log /usr/local/nginx/logs/access.log main;

        allow 192.168.31.0/24;
        deny all;

        location  / {
            root html;
            index index.html;
        }

        location /k8sops {
            alias html;
            index index.html;
        }

        location /ngx_status {
            auth_basic "User Authentication";                           #将认证配置加到location中
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            stub_status on;
        }
}

测试访问







「点点赞赏,手留余香」

    还没有人赞赏,快来当第一个赞赏的人吧!
0 条回复 A 作者 M 管理员
    所有的伟大,都源于一个勇敢的开始!
欢迎您,新朋友,感谢参与互动!欢迎您 {{author}},您在本站有{{commentsCount}}条评论