LNMP 架构——Nginx 用户认证

nginx 中一个虚拟主机对应一个配置文件


创建新的虚拟主机配置文件

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf   //创建虚拟主机
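# Virtual host for test.com: every request must pass HTTP Basic authentication.
# nginx comments start with '#'. The '//' notes used in the original listing are
# not comment syntax; pasted as-is they are parsed as directives and `nginx -t` fails.
server
{
    # Basic credentials are only base64-encoded, so over plain HTTP (port 80)
    # they are readable on the wire. Terminate TLS in front of this outside a lab.
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    # Document root: must be the directory that holds index.html
    # (/data/www/test.com in the steps that follow, not /data/wwwroot/test.com).
    root /data/www/test.com;

    location /
    {
        # Realm string shown in the client's login prompt.
        auth_basic              "Auth";
        # Path of the user/password file written by htpasswd (a file, not a directory).
        # Keep it outside the web root and readable only by root and the nginx worker user.
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
    }
}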

创建目录

[root@dl-001 default]# mkdir /data/www/test.com
[root@dl-001 default]# vim /data/www/test.com/index.html
test.com

生成密码文件(使用 apache 的生成密码工具 htpasswd;-c 会新建密码文件,文件已存在时会被覆盖,之后再添加用户不要带 -c)

[root@dl-001 default]# yum install -y httpd
[root@dl-001 default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password: 
Re-type new password: 
Adding password for user test

检测并重新加载

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

测试

// 不指定用户名密码访问
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

// 指定用户名密码访问(写在 -u 后面的密码会留在 shell 历史和进程列表里;只写 -u test 时 curl 会提示输入密码)
[root@dl-001 default]# curl -x 127.0.0.1:80 -utest:testdl991124 test.com -I 
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com 
test.com

针对虚拟主机下的某个目录进行认证

修改配置文件

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
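# Virtual host for test.com: only URIs under /admin/ require HTTP Basic authentication.
# nginx comments start with '#'; a '//' note is parsed as a directive and fails `nginx -t`.
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;

    # Only the location changes; everything else is as before.
    # This is a prefix match: URIs beginning with /admin/ are challenged,
    # every other URI on this host stays public.
    location /admin/
    {
        # Realm string shown in the client's login prompt.
        auth_basic "Auth";
        # User/password file written by htpasswd; keep it outside the web root.
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}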

检测并重新加载

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload

检测

// test.com可以访问
[root@dl-001 default]# curl -x 127.0.0.1:80  test.com
test.com

// test.com下的admin目录需要用户认证
[root@dl-001 default]# curl -x 127.0.0.1:80  test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

针对虚拟主机下的某个文件(访问的 URL)进行认证

修改虚拟主机配置文件

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
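# Virtual host for test.com: requests whose URI contains "admin.php" require
# HTTP Basic authentication.
# nginx comments start with '#'; a '//' note is parsed as a directive and fails `nginx -t`.
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;

    # Only the location changes; everything else is as before.
    # Matching admin.php is just a simple illustration; a more precise regex can
    # be used to protect exactly the intended file.
    # The dot is escaped so it matches a literal '.' rather than any character.
    # The pattern is unanchored and case-sensitive: any URI containing
    # "admin.php" is challenged. Anchor it (^ ... $) to protect one exact path.
    # Regex locations are tried in the order they appear and the first match
    # wins, so this block must come before any general `location ~ \.php$`
    # block, otherwise that block handles admin.php and no auth is asked for.
    # No fastcgi directives appear in this block, so a request matched here is
    # served as a static file; in an LNMP setup the PHP handler directives must
    # also apply to this location.
    location ~ admin\.php
    {
        # Realm string shown in the client's login prompt.
        auth_basic "Auth";
        # User/password file written by htpasswd; keep it outside the web root.
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}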

检测并重新加载

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload

测试

[root@dl-001 default]# curl -x 127.0.0.1:80  test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>