LNMP 架构——Nginx 用户认证
nginx 中一个虚拟主机对于一个配置文件
创建新的虚拟主机配置文件
[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf //创建虚拟主机
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth"; //用户认证的名字
auth_basic_user_file /usr/local/nginx/conf/htpasswd; //用户名密码文件目录
}
}
创建目录
[root@dl-001 default]# mkdir /data/www/test.com
[root@dl-001 default]# vim /data/www/test.com/index.html
test.com
生成密码文件(使用 apache 的生成密码工具 htpasswd)
[root@dl-001 default]# yum install -y httpd
[root@dl-001 default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password:
Re-type new password:
Adding password for user test
检测并重新加载
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
测试
// 不指定用户名密码访问
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
// 指定用户名密码访问
[root@dl-001 default]# curl -x 127.0.0.1:80 -utest:testdl991124 test.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com
test.com
针对虚拟主机下的某个目录进行认证
修改配置文件
[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
// 修改location即可,其他都不变
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
检测并重新加载
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload
检测
// test.com可以访问
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com
test.com
// test.com下的admin目录需要用户认证
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
针对虚拟主机下的某个文件(访问的 URL)进行认证
修改主配置文件
[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
// 修改location即可,其他都不变,这里匹配admin.php只是对简单的表示
// 可以使用更复杂的正则来显示精准的文件认证
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
检测并重新加载
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload
测试
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com/admin.php<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>