nginx配置用户名密码登陆
面试中问到这个问题,之前做过tomcat的登陆认证,nginx如下:
-- 使用模块:
ngx_http_auth_basic_module :实现让用户只有输入正确的用户名密码才允许访问web内容
-- 安装httpd工具:
yum -y install httpd
-- 用命令htpasswd生成密码文件:-c指定密码文件,后面自定义登陆的用户名
htpasswd -c /etc/nginx/passwd nginxuser
--配置nginx:
配置文件server内新增加如下两行:
auth_basic "Please input password"; #这里是验证时的提示信息 auth_basic_user_file /etc/nginx/passwd;
nginx -t #验证配置OK
service nginx restart #重启生效
--附htpasswd命令:
Usage: htpasswd [-cimBdpsDv] [-C cost] passwordfile username htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password htpasswd -n[imBdps] [-C cost] username htpasswd -nb[mBdps] [-C cost] username password -c Create a new file. -n Don't update file; display results on stdout. -b Use the password from the command line rather than prompting for it. -i Read password from stdin without verification (for script usage). -m Force MD5 encryption of the password (default). -B Force bcrypt encryption of the password (very secure). -C Set the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31). -d Force CRYPT encryption of the password (8 chars max, insecure). -s Force SHA encryption of the password (insecure). -p Do not encrypt the password (plaintext, insecure). -D Delete the specified user. -v Verify password for the specified user. On other systems than Windows and NetWare the '-p' flag will probably not work. The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.