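[Quick note] The nginx authentication directive auth_basic
1. Some software ships without its own user system. For these cases, the auth_basic and auth_basic_user_file directives from nginx's ngx_http_auth_basic_module (installed with nginx by default) provide simple user authentication.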
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
Authentication is off by default. If a string follows the directive, that string is shown in the login prompt.
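Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
Note that the auth_basic_user_file directive sets the file that stores the passwords. The file path needs to be an absolute path; with a relative path nginx keeps returning 403 forbidden!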
2. Generating the password file
The password file can be generated with htpasswd or openssl. Taking htpasswd as the example:
htpasswd --help
Usage:
    htpasswd [-cimBdpsDv] [-C cost] passwordfile username
    htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
    htpasswd -n[imBdps] [-C cost] username
    htpasswd -nb[mBdps] [-C cost] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -b  Use the password from the command line rather than prompting for it.
 -i  Read password from stdin without verification (for script usage).
 -m  Force MD5 encryption of the password (default).
 -B  Force bcrypt encryption of the password (very secure).
 -C  Set the computing time used for the bcrypt algorithm
     (higher is more secure but slower, default: 5, valid: 4 to 17).
 -d  Force CRYPT encryption of the password (8 chars max, insecure).
 -s  Force SHA encryption of the password (insecure).
 -p  Do not encrypt the password (plaintext, insecure).
 -D  Delete the specified user.
 -v  Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
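Commonly used options:
-c: create a new file
-m: use MD5 encryption (the default)
-p: do not encrypt the password
The auth_basic_user_file directive does not support plaintext passwords; login keeps failing with a wrong-password error!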
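The two pitfalls noted above (a relative file path, plaintext entries) and the schemes that htpasswd --help marks as insecure can be checked before nginx is reloaded. The following is an added example, not part of the original note: the path /etc/nginx/conf.d/.htpasswd and the sample entries are constructed, and the 13-character rule for crypt output is a heuristic.

```python
import posixpath
import re

# Traditional crypt() output: 2-char salt + 11 chars, 13 in total (heuristic).
CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Map the hash field of one entry to (scheme, verdict), following htpasswd --help."""
    if field.startswith("$apr1$"):
        return "md5 (-m)", "ok"
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt (-B)", "ok"
    if field.startswith("{SHA}"):
        return "sha (-s)", "weak"        # unsalted
    if CRYPT_RE.fullmatch(field):
        return "crypt (-d)", "weak"      # only the first 8 characters count
    return "plaintext (-p)", "rejected"  # per the note above: always "wrong password"

def audit(path, text):
    """Return (line, user, scheme, verdict) for every entry that is not 'ok'."""
    findings = []
    if not posixpath.isabs(path):
        findings.append((0, "-", "relative path", "rejected"))  # per the note above: 403
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            findings.append((lineno, user or "-", "malformed", "rejected"))
            continue
        scheme, verdict = classify(rest.split(":", 1)[0])  # drop optional :comment
        if verdict != "ok":
            findings.append((lineno, user, scheme, verdict))
    return findings

# Constructed sample file; the hashes are made-up strings, not real credentials.
SAMPLE = """\
# staff accounts
alice:$apr1$Xy7Zk3Qp$0123456789abcdefghijk.
bob:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:ab1cdEFgh2ijk
erin:hunter2
"""

if __name__ == "__main__":
    for finding in audit("/etc/nginx/conf.d/.htpasswd", SAMPLE):
        print(finding)
```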
3. Normal operation