ngx_http_auth_basic_module模块基于“HTTP Basic Authentication“协议完成用户认证。
模块指令:
auth_basic
auth_basic_user_file
这两个指令的应用范围:http,server,location,limit_except
示例:
location / {
auth_basic "closedsite";
auth_basic_user_fileconf/htpasswd;
}
auth_basic指令:
语法:auth_basic string | off;
默认:auth_basic off;
开启/关闭基于“HTTP Basic Authentication”协议的用户/密码认证。
auth_basic_user_file指令:
语法:auth_basic_user_file file;
默认:--
用于指定保存用户名和密码的文件,注意文件权限,chmod 400 file。
文件格式为:
name1:password1
name2:password2:comment
name3:password3
支持的密码类型:
用crypt()函数加密,工具有htpasswd、openssl passwd
使用基于md5的密码算法的Apache变体(apr1)
使用htpasswd实现nginx的认证
安装htpasswd,htpasswd是apache提供的密码生成工具
yuminstall httpd-tools -y
htpasswd用法
$ htpasswd -h
htpasswd:illegal option -- h
Usage:
htpasswd[-cimBdpsDv] [-C cost] passwordfile username
htpasswd-b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd-n[imBdps] [-C cost] username
htpasswd-nb[mBdps] [-C cost] username password
-c Createa new file.
-n Don'tupdate file; display results on stdout.
-b Usethe password from the command line rather than prompting for it.
-i Readpassword from stdin without verification (for script usage).
-m ForceMD5 encryption of the password (default).
-B Forcebcrypt encryption of the password (very secure).
-C Setthe computing time used for the bcrypt algorithm
(higheris more secure but slower, default: 5, valid: 4 to 31).
-d ForceCRYPT encryption of the password (8 chars max, insecure).
-s ForceSHA encryption of the password (insecure).
-p Donot encrypt the password (plaintext, insecure).
-D Deletethe specified user.
-v Verifypassword for the specified user.
创建用户密码文件
[roger@test ~]$ htpasswd -c/etc/nginx/passwd.db xiaoming ###新创建密码文件
New password:
Re-type new password:
Adding password for user xiaoming
[roger@test ~]$ htpasswd/etc/nginx/passwd.db xiaoli ###添加新的用户
New password:
Re-type new password:
Adding password for user xiaoli
[roger@test ~]$ cat/etc/nginx/passwd.db ###查看文件内容格式
xiaoming:$apr1$OlmGwtmd$kG6fmWrQzCWEJGT/uWXsJ.
xiaoli:$apr1$UNkIjCHM$5h6Gigl1q.IZbq6yODzAv1
配置nginx
location / {
auth_basic "welcome";
auth_basic_user_file /etc/nginx/passwd.db;
}