【随手记录】关于nginx的验证指令auth_basic

 

 

1、有些软件本身没有自带用户体系,我们可以通过nginx的ngx_http_auth_basic_module模块(nginx默认安装了这个模块)带的auth_basic、auth_basic_user_file两个指令实现简单的用户验证!

语法:       auth_basic string | off;
默认值:     auth_basic off;
配置段:     http, server, location, limit_except
默认表示不开启认证，后面如果跟上字符，这些字符会在弹窗中显示。

语法:       auth_basic_user_file file;
默认值:     —
配置段:     http, server, location, limit_except

这里需要注意 auth_basic_user_file 指令用来配置密码存储的文件,文件路径需要绝对路径,如果是相对路径就会一直报403 forbidden!

 

2、密码文件生成

可以通过htpasswd或者openssl生成密码文件,以htpasswd为例:

htpasswd --help
Usage:
    htpasswd [-cimBdpsDv] [-C cost] passwordfile username
    htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password

    htpasswd -n[imBdps] [-C cost] username
    htpasswd -nb[mBdps] [-C cost] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -b  Use the password from the command line rather than prompting for it.
 -i  Read password from stdin without verification (for script usage).
 -m  Force MD5 encryption of the password (default).
 -B  Force bcrypt encryption of the password (very secure).
 -C  Set the computing time used for the bcrypt algorithm
     (higher is more secure but slower, default: 5, valid: 4 to 17).
 -d  Force CRYPT encryption of the password (8 chars max, insecure).
 -s  Force SHA encryption of the password (insecure).
 -p  Do not encrypt the password (plaintext, insecure).
 -D  Delete the specified user.
 -v  Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.

常用的参数:

-c创建一个新文件

-m使用MD5加密,默认

-p密码不加密

对于指令auth_basic_user_file不支持 plaintext密码,会一直报错 密码不对!

 3、正常操作