nginx可以为网站或者目录设置密码认证,密码认证必须是要加密的。使用apache的htpasswd来创建密码!
使用htpasswd创建密码文件
htpasswd -c 第一次创建时使用-c,如果已存在会清空文件内容
-m 表示以md5格式加密存放
-D 删除用户
1、测试有无htpasswd命令
[root@localhost conf]# htpasswd -bash: htpasswd: command not found |
如果没有此命令可以使用yum -y install httpd来实现
使用示例:htpasswd -c -m /etc/httpd/conf/htpasswd 用户名,以此输入密码即可
如不想安装httpd可以使用下面两种方法实现
1.1、使用perl脚本实现,代码如下
[root@localhost conf]#vi auth_user.pl #! /usr/bin/perl -w#filename: auth_ftp_user.pl use strict; # print "#example: user:passwd\n"; while (<STDIN>) { exit if ($_ =~/^\n/); chomp; (my $user, my $pass) = split /:/, $_, 2; my $crypt = crypt $pass, '$1$' . gensalt(8); print "$user:$crypt\n"; } sub gensalt { my $count = shift; my @salt = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z'); my $s; $s .= $salt[rand @salt] for (1 .. $count); return $s; } 脚本创建完成后为脚本添加可执行权限 chmod +x auth_user.pl 脚本使用方法 ./auth_user.pl user:password 将生成的用户名密码粘贴到/usr/local/nginx/conf/nginx_passwd文件中 |
1.2、创建类htpasswd脚本文件
wget -c soft.vpser.net/lnmp/ext/htpasswd.sh 下载完成后执行htpasswd文件 [root@localhost passwd]# cat htpasswd.sh #!/bin/bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH echo "=====================================" echo "# A tool like htpasswd for Nginx #" echo "#-----------------------------------#" echo "# Author:Licess http://www.lnmp.org #" echo "=====================================" #set UserName username="" read -p "Please input UserName:" username if [ "$username" = "" ]; then echo "Error:UserName can't be NULL!" exit 1 fi echo "===========================" echo "UserName was: $username" echo "===========================" #set password unpassword="" read -p "Please input the Password:" unpassword if [ "$unpassword" = "" ]; then echo "Error:Password can't be NULL!" exit 1 fi echo "===========================" echo "Password was: $unpassword" echo "===========================" password=$(perl -e 'print crypt($ARGV[0], "pwdsalt")' $unpassword) #set htpasswd file htfile="" read -p "Please input Auth filename:" htfile if [ "$htfile" = "" ]; then echo "Error:Auth filename can't be NULL!" exit 1 fi echo "===========================" echo "Auth File: /usr/local/nginx/conf/$htfile" echo "===========================" get_char() { SAVEDSTTY=`stty -g` stty -echo stty cbreak dd if=/dev/tty bs=1 count=1 2> /dev/null stty -raw stty echo stty $SAVEDSTTY } echo "" echo "Press any key to Creat...or Press Ctrl+c to cancel" char=`get_char` if [ ! -f /usr/local/nginx/conf/$htfile.conf ]; then echo "Create Auth file......" cat >/usr/local/nginx/conf/$htfile.conf<<eof $username:$password eof echo "Create Auth file successful,auth file path:/usr/local/nginx/conf/$htfile.conf." else echo "File already exists,please run this script again." exit 1 按照提示输入用户名密码及认证文件名,脚本既会生成认证文件。 |
2、在nginx配置文件中添加认证配置
2.1、如果是给网站添加认证,只需把认证语句添加到server段即可
server { listen 80; server_name www.test.com; root /home/src; index index.html index.htm index.php; auth_basic "input you user name and password"; auth_basic_user_file /usr/local/nginx/conf/vhost/nginx_passwd; |
2.2、如果是给网站目录添加认证,在一个单独的location中,并且在该location中嵌套一个解释php的location,否则php文件不会执行并且会被下载。auth_basic在嵌套的location之后。
server { listen 80; server_name www.test.com; root /home/src; index index.html index.htm index.php; location ~ ^/admin/.* { location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } auth_basic "input you user name and password"; location ~ .php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } |
添加完成后重启nginx即可
本文转自 亮公子 51CTO博客,原文链接:http://blog.51cto.com/iyull/1864386